CYBER NEWS

Ataques de phishing do Gmail 2017: Como reconhecer o Scam

Gmail phishing attempts have been registered. Security researchers at Wordfence have detected a highly effective and massively spread phishing technique stealing login credentials for Gmail and other services. Pelo visto, during the last couple of weeks, tech-savvy users compromised by the Gmail phishing attacks have been sharing reports and details so that more users are aware.

Gmail Phishing Attack: Detalhes técnicos

Gmail is the primary target of these attempts, but other services are targeted as well. É um esquema de phishing típico onde o invasor enviar um email para uma conta do Gmail. O e-mail pode parecer a ser enviado por alguém o alvo sabe, E isso é porque sua conta foi hackeada. O e-mail pode incluir um anexo de uma imagem. Ao clicar na imagem para visualizá-la, uma nova aba será aberta eo usuário será solicitado a fazer login no Gmail novamente. A barra de localização mostra o seguinte endereço: accounts.google.com, por isso mesmo o olho experiente pode ser enganado.

Story relacionado: vishing, smishing, e golpes de phishing são após sua informação e dinheiro

Once the sign-in is completed, the targeted account is compromised. Here is what one victim of the phishing scheme shares:

The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.

Por exemplo, they went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team.

The whole process happens very quickly, and it is either automated or the attackers are on standby, processing the compromised accounts.

Once access to an account is obtained, the attacker has full access to all the victim’s emails, and is also granted access to other services accessible via the password reset mechanism. This includes other email accounts, SaaS services, etc.

Full description of this Gmail phishing attack is available at Wordfence.

Phishing Schemes Often Compromise Popular Service Like Google

Ano passado, Webroot researchers established that Google is the company with the largest negative impact of an impersonation. These are outlined as high-risk organizations, com 21% of all phishing sites in the period January-September 2016 impersonating Google.

Story relacionado: 21% de Tudo tentativas de phishing representar Google, Shows de pesquisa

No topo de tudo, attackers are restless when it comes to developing new tactics and attack vectors, and phishing is not an exception. Sensitive information is highly desirable, and the shift towards “malicious-software and-activities-as-a-service” only makes things worse.

phishing Estatísticas, atualização de abril 2017

LookingGlass Cyber Solutions has relatado an increase in phishing activity in the first week of April. Overall phishing activity increased by 30%, the most notable increase being registered in the Electronic Payment Systems industry:

Gmail phishing attempts haven’t been observed. Contudo, phishing attacks on other services have been. Dropbox has been targeted in April, 2017, via smartly crafted emails that look legitimate. One of the scams involving Dropbox was trying to harvest users’ Dropbox login credentials using an order request that looked like a legitimate one. The other scam was trying to steal the user’s email password via a fake file sharing request.

UMA LinkedIn phishing attack has also been detected being active in Mid-April. The scheme was trying to trick users of the professional network to upload their CVs. Scammers estavam enviando e-mails sobre alegadas “aberturas de trabalho para os usuários do LinkedIn ativos”.

As you have noticed, despite the different targets (Gmail, Dropbox, Facebook, LinkedIn, various banks, etc.) phishing emails always have a lot in common.

Tips to Protect Yourself from Phishing Attempts

  • Be careful with emails demanding personal information from you. Remember that legitimate services typically do not send such requests via email.
  • Don’t be tricked into giving away sensitive details, financial details included. Keep in mind that attackers may also use scare tactics to lure you into revealing personally identifiable information.
  • Be careful with generic-looking requests for information. A legitimate email from a legitimate organization such as one’s bank would know the person’s name. Phishing emails often begin with “Dear Sir/Madam”.
  • Don’t submit sensitive information via forms within email messages.
  • Don’t interact with links or attachments in an email unless you are absolutely sure the email comes from a trustworthy source.
  • Make sure that your anti-malware protection has a feature against phishing.

Baixar

Remoção de Malware Ferramenta


digitalizador Spy Hunter só irá detectar a ameaça. Se você quiser a ameaça de ser removido automaticamente, você precisa comprar a versão completa da ferramenta anti-malware.Saiba Mais Sobre SpyHunter Anti-Malware Ferramenta / Como desinstalar o SpyHunter

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerenciador de conteúdo que foi com SensorsTechForum desde o início. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...