Phishing attack targeting gmail users

by Jennifer Kennedy.

A particularly nasty phishing scam is currently circulating using an infected PDF attachment to take victims to a fake gmail sign-in page.  Once the user has signed in the scam is then sent to other gmail users with information from the sent items folder. This means the phishing attacks can look very convincing with realistic subject lines and appearing to come from known contacts.

Once the hackers have access to your account they may be able to use your personal details and password on other services you use. You can avoid being targeted by enabling two-factor authentication.  To check whether the log in page is genuine, look out for the prefix ‘data:text/html’ in the browser location bar, which indicates that you are being directed to an illegitimate web page. The real log in page should start https://accounts.google.com/ServiceLogin