Hackers Go After Google Users in Advanced Phishing Attack

By Cadie Thompson | @CadieThompson

Hackers are targeting Google (GOOG) users' passwords in a new advanced phishing scheme that is difficult to detect and block, security experts at the firm Bitdefender said on Tuesday.

The attack began a couple of days ago and has managed to spread fast, said Bianca Stanescu, a security specialist at the firm.

"We haven't spotted this type of phishing attack. It's enhanced, usually the security solutions block the webpage for malicious activity before users open it, but this time security solutions receive the encoded content and they can't really block it."

The scam starts with an email that claims to be sent by Google with the phrase "Mail Notice" or "Lookout Notice" as the subject.

The message in the email reads: "This is a reminder that your email will be locked out in 24 hours, due to not being able to increase your email storage quota. Go to the INSTANT INCREASE to increase your Email storage automatically."

A link then redirects the user to a bogus Google login page where the user is prompted to put in their credentials.

Once the hackers receive the credentials, they have access not just to a victim's email but to all Google documents, Google Play and Google Plus, and if the person uses the same login information for multiple sites, the hackers will also have access to those.

Google hasn't yet responded to a request for comment.

What's unique about this particular attack isn't only how legitimate the emails appear, but also how the phishing attack is structured. The attack is based on uniform resource identifiers, or URIs, which are the subsets of characters that make up a URL.

Most browsers limit the amount of data that can be in a URI, which makes phishing attacks easier to identify because of how long they can be. But because Google's Chrome browser doesn't display all the information in a URI (making it appear shorter), the dangerous phishing link is harder to notice. This specific URI attack shows "Data:" in the Web browser instead of "Https:", which indicates that the Google site is not a real one, Stanescu said.

While Chrome is most vulnerable to this particular attack, Mozilla's Firefox browser is also affected, Stanescu said.
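The article describes a login page delivered as encoded content behind a "Data:" address rather than an "Https:" one. As an added example (not from the article or from Bitdefender), the Python below shows how a mail or web filter could decode data: URIs found in HTML and flag those whose content holds a password field; the function names and the sample markup are constructed for illustration and assume the standard RFC 2397 data: URI layout.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

# RFC 2397 form: data:[<mediatype>][;base64],<data>
DATA_URI = re.compile(r"^\s*data:([^,]*),(.*)$", re.I | re.S)

def decode_data_uri(uri):
    """Return (media_type, decoded_bytes), or None if uri is not a data: URI."""
    m = DATA_URI.match(uri)
    if not m:
        return None
    params = [p.strip().lower() for p in m.group(1).split(";")]
    raw = unquote_to_bytes(m.group(2))
    if "base64" in params[1:]:
        raw = re.sub(rb"\s+", b"", raw)
        try:
            raw = base64.b64decode(raw + b"=" * (-len(raw) % 4))
        except ValueError:  # malformed base64: nothing to inspect
            raw = b""
    return params[0] or "text/plain", raw

class _Scan(HTMLParser):
    """Collect link-like attribute values and note any password input."""
    def __init__(self):
        super().__init__()
        self.urls, self.password_field = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.urls += [a[k] for k in ("href", "src", "action") if a.get(k)]
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_field = True

def find_data_uris(html):
    """List (media_type, has_password_field) for each data: URI found in html."""
    outer, findings = _Scan(), []
    outer.feed(html)
    for media_type, body in filter(None, map(decode_data_uri, outer.urls)):
        inner = _Scan()
        if media_type == "text/html":  # only HTML payloads can carry a form
            inner.feed(body.decode("utf-8", "replace"))
        findings.append((media_type, inner.password_field))
    return findings

# Constructed sample: a harmless form wrapped in a data: URI, plus benign links.
_PAGE = base64.b64encode(b'<form><input type="password" name="p"></form>').decode()
SAMPLE = ('<a href="data:text/html;base64,' + _PAGE + '">INSTANT INCREASE</a>'
          '<a href="https://mail.google.com/">Inbox</a>'
          '<img src="data:image/png;base64,iVBORw0KGgo=">')
```

A filter would treat a `text/html` data: URI with a password field as high risk, while an inline image such as the `image/png` entry is ordinary mail content.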

Bitdefender has reached out to Google about the phishing scam and expects the company to have a patch in place soon to help block users from accessing the site, she said. However, blocking dangerous sites doesn't mean the threat dies.

"We are constantly collaborating with Facebook (FB), Google and other institutions and letting them know that this is going on. But by the time they block them new ones are created," Stanescu said.

Internet users need to be skeptical when they receive an urgent email from someone they don't know or a reputable institution and should also use strong passwords and two-factor authentication to help avoid these kinds of scams, she added.


Don't these people have anything better to do?

May 14 2014 at 4:30 PM

i wonder who won for senate in Nebraska ?????~~>"TEA PARTY / USA !~"TEA PARTY / USA !~" TEA PARTY / USA !~ n who won senator in Florida last month ???``~~> " TEA PARTY / USA !~" TEA PARTY / USA !~" TEA PARTY / USA !!~GLAD TO SEE THE WHOLE COUNTRY FINALLY WAKING UP. ~~

May 14 2014 at 3:46 PM

Google and others have helped CAUSE this because many websites now say:
"Your browser is out of date and you must use an up to date browser like Google Chrome."

Ebay does not require a "New Browser" to use it, which is about the largest web site on earth, so WHY are so many smaller or independent web sites using code that only "Brand New" and untested and FAULTY browsers be used.

They should use code for web sites that EVERYONE can use, not just the computer junkies and people with Brand New computers and smart phones can use.

May 14 2014 at 1:50 PM