You Are Here: Home » E-Threats » Alerts » Hackers Steal Google Account Passwords in Better Crafted Phishing Attack

Hackers Steal Google Account Passwords in Better Crafted Phishing Attack

Hackers grab Google account passwords in a new, better crafted phishing attack that is hard to catch with traditional heuristic detection. A particularity in how Google Chrome displays data: URIs makes Chrome users more vulnerable. The phishing attack also targets Mozilla Firefox users.

With access to users’ Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents.

Hackers Steal Google Account Passwords in Better Crafted Phishing AttackThe scam starts with an email allegedly sent by Google, with “Mail Notice” or “New Lockout Notice” as a subject.

“This is a reminder that your email account will be locked out in 24 hours,” the e-mail reads. “Due to not being able to increase your Email storage Quota. Go to the INSTANT INCREASE to increase your Email storage automatically.”

When clicking the INSTANT INCREASE link, users are redirected to a Google login web page that imitates the authentic one and asks for their credentials.

Hackers Steal Google Account Passwords in Better Crafted Phishing AttackWhat is interesting about this phishing attack is that users end up having the “data:” in their browser’s address bar, which indicates the use of a data Uniform Resource Identifier scheme.

The data URI scheme allows scammers to include data in-line in web pages as if they were external resources. The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string within the data URI.

As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals.

Scammers usually pose as services that contact people by e-mail for announcements or notifications. Google, Facebook, eBay, phone services and financial institutions are among phishers’ favorite disguises to invade inboxes worldwide.

A similar attack recently targeted Google Drive’s landing page to grab Gmail credentials.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the technical information provided courtesy of Alin DAMIAN and Andrei SERBANOIU, Bitdefender Online Threats Researchers.

About The Author

Security Specialist

Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who’s always on to a cybertrendy story. She’s the industry news guru, who’ll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.

Number of Entries : 281

Comments (1)

Leave a Comment

© 2012 Powered By Bitdefender

x
Loading...
Scroll to top