New Phishing Technique Puts Gmail Accounts at Risk

Published with Permission by:
Lint, James R., “New Phishing Technique Puts Gmail Accounts at Risk”, In Cyber Defense, 17 Jan. 2017, Web,

By James R. Lint
Faculty Member, School of Business, American Military University
Senior Editor for
In Cyber Defense

Cyber attackers have found a new, highly effective phishing technique targeting Gmail and other services, according to a recent article on Wordfence.

Author Mark Maunder writes “an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again….Once you complete sign-in, your account has been compromised.”

Maunder surmises that the attackers must be on hand and ready to exploit your account because of the speed with which they respond. They sign into your account and send emails with your attachments using your subject lines from previous emails to people in your address book.

This is a very effective phishing technique to use against the people who trust you. The hacking crew is large enough to spread across several time zones and exploit your English-language email account. More analysis of this phishing technique might reveal what other languages are being used for this phishing method and help locate the attackers by their unique skill sets.

Using Gmail Single Sign-On Services Is Risky for Your Account

The comfort of Single Sign-On services for your Gmail credentials creates a security risk for your account. As we get more comfortable using these services and customers ask for more ease of operation, we will have to consider the impact of risk that comes with the ease of operation.

The Wordfence article shows a “data URI” (Uniform Resource Identifier) with the complete file in the browser location bar. This data URI provides a method to include in-line data in web pages as if they were normal external resources.

The data:text link line in the browser bar is actually a disguised script. This script opens a fake Gmail login page. When you log in, it sends your real credentials to an attacker. Ideally, you should review the whole browser address window and ensure there is not a script hiding further inside the window.

Always Check Your Browser’s Location Bar

The Wordfence article, US-CERT best practices and other experts say it is best to check the location bar in your browser to determine if you are clicking on the correct website. Just because you click on something that states: “We will make you rich, click link” does not mean it is the correct link.

In fact, here is a safe example. Click on this link: “We will make you rich.

The link will NOT make you rich, but it sends you to the US-CERT Best Practices Page. Be sure to check your links before you click on them to see whether they match.

A reader comment from Google suggests that most any HTTP or HTTPS could have phishing code. The reader says the address bar in a browser window remains one of the few trustworthy components in a browser program.

To say that the browser address bar is highly trusted is inviting the next skilled hacker to show his capability. We do not know what the future will hold in terms of security and hacker attackers. However, I would not bet on the safety of any material you wish to keep private.

It is wiser to remain up to date with your security software and to study new cyberattacks when you hear about them to keep your computers and mobile devices protected.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply