Don’t fall for this ingenious fake attachment scam in Gmail

| Filed under: General News
Don’t fall for this ingenious fake attachment scam in Gmail

There are phishing scams, and then there are those that are so damn clever that… sorry, scratch that. Phishing scams are the worst, and those that run them deserve infuriatingly slow internet access for the rest of their damned lives.

This new one doing the rounds in Gmail inboxes is one that appears to include an attachment, which in reality isn’t an attachment at all. Instead, it’s just an embedded image that looks like one:

If you click it, as we’re generally wont to do when we spot an attached file, you’ll be taken to a Google sign-in page where you’re asked to enter your password. Of course, this is also fake; Lifehacker notes that the page is actually a data URI with the prefix “data:text/html”, not the usual HTTPS-secured URL that you’d expect. Falling into the attackers’ trap could see them misuse your credentials for all kinds of things, including sending more such scam emails to your contacts.

As IP protection firm WordFence noted, Chrome v56.0.2924 attempts to address issues like this by displaying a “Not Secure” message in the address bar on the form page – but it’s not likely that everyone will spot it. In addition to checking the URL the next time you click an attachment in Gmail, be wary of attachments from people you don’t know – and people you do as well, because their accounts may have been compromised.

Source: TNW

Endorsed by the Law Society

The ABI is the only association in this industry to be endorsed by the Law Society of England and Wales, and included in the Law Society of Scotland's approved Supplier Scheme.

The highest independent professional bodies for solicitors put their trust in us. We’re confident you can do the same.

Law Society logo
Scotland Law Society logo
Thank you, your message has been sent.
A member of our team will be in touch shortly.