A newly discovered Gmail phishing attack, in which criminals hack email accounts and look through the victims inbox to target their contacts with fake, but very convincing emails.
Phishing scams have been around almost as long as emails, but hackers still seem to find innovative ways of compromising and stealing financial data.
This new attack uses previously sent emails of the victim, replicating them, applying the same subject line and attachment names, but replacing the original PDFs with malicious files.
They appear to be PDFs, however, they are actually images that, once opened, send the victim phishing pages.
It was reported that even the URL that the attachment points to appears legitimate, using the google.com domain, which could easily entice people to think it is genuine.
Mark James, ESET IT Security Specialist, explains why phishing attacks are still rife and how to avoid falling victim to an attack.
“Phishing attacks are now a daily occurrence for most users, and to be fair most users will spot a large majority of them as exactly that, with “dear user” and poor grammar or translation.
“They normally end up in the bin fairly quickly, but the problem is not the ones that end up in the bin, it’s the one that does not.
“For us to be safe we have to stop 100% of malware, and that includes phishing attacks, but for the bad guys they only need to be successful once.
“Phishing is getting harder to spot: the emails are getting smarter, and every now and again even the ‘techies’ have to stop and think about clicking that link or opening that attachment.
“When these emails start taking on the form of our daily go-to apps like Apple or Google then it’s no surprise that sometimes even the enlightened get fooled.
“But all is not lost, using technology like 2 Factor Authentification or 2 Step verification could help to protect your account.
“It might not stop you from inadvertently sharing your login credentials, but it will stop someone else from using them and that’s the main thing.”
How many phishing emails to you receive per day? Let us know on Twitter @ESETUK
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.