(Yet) Another Sneaky Phishing Scam

Do you use Google Gmail? Well, you could be in someone’s crosshairs as a potential victim of a phishing scam. Here’s how it works.

The Gmail Attachment Scam

You get an email that appears to have come from someone you know and presumably trust, and there’s an attachment. You look at the attachment icon and see that it’s a PDF, JPEG or some other innocuous type of file … except that it’s not. This is a phishing scam.

What that attachment is, instead, is an image of an attached-file icon, and it has a link embedded. When you click on it, a window opens to what appears to be a Google sign-in page, but it’s a fraud. Because Google does seem to like having users sign in at times for no apparent reason, this may not strike you as strange, and you go ahead and enter your ID and password. Then they’ve got you … you fell right into the trap!

What To Do

Keep in mind that the fake Google page looks just like the real thing. The only give-away (if you’re paying attention) is in the URL: accounts.google.com is preceded by “data:text/html”. HINT: ALWAYS READ THE FULL URL AND MAKE SURE YOU AGREE WITH THE TEXT; IF IT LOOKS STRANGE … IT PROBABLY IS! (The wolf in sheep’s clothing surely had big hairy paws sticking out …)
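The URL check described above, written out as an added example that is not part of the original post: it parses the address-bar text and accepts it only when the scheme is https and the host is exactly accounts.google.com. It goes slightly beyond the article by also rejecting look-alike hosts and plain http; the function name and the sample URLs are constructed for illustration.

```javascript
// Added example: decide whether the address-bar text really is Google's sign-in host.
// EXPECTED_HOST comes from the article; function names and sample URLs are constructed.
const EXPECTED_HOST = "accounts.google.com";

function checkSignInUrl(addressBarText) {
  const text = addressBarText.trim();
  // True when the familiar host name appears anywhere in the text at all.
  const mentionsHost = text.toLowerCase().includes(EXPECTED_HOST);
  let url;
  try {
    url = new URL(text); // WHATWG URL parser, the same model browsers use
  } catch {
    return { ok: false, why: "unparseable", mentionsHost };
  }
  // A data: URL carries the page content inside the link itself, so it has no
  // host at all; any host name seen in it is only text.
  if (url.protocol === "data:") {
    return { ok: false, why: "data-url", mentionsHost };
  }
  if (url.protocol !== "https:") {
    return { ok: false, why: "not-https", mentionsHost };
  }
  // Compare the parsed host exactly; a substring match would accept look-alikes.
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, why: "wrong-host", mentionsHost };
  }
  return { ok: true, why: "expected-host", mentionsHost };
}

// Constructed samples; only the first is the pattern the article describes.
const SAMPLES = [
  "data:text/html,https://accounts.google.com/signin",
  "https://accounts.google.com/signin",
  "https://accounts.google.com.example.test/signin",
  "http://accounts.google.com/signin",
];

for (const s of SAMPLES) {
  const r = checkSignInUrl(s);
  console.log(`${r.ok ? "OK    " : "REJECT"} ${r.why.padEnd(13)} ${s}`);
}
```

Three of the four samples contain the text accounts.google.com and are still rejected, which is why reading the whole URL matters more than spotting a familiar name in it.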

Though this phishing scam targets Gmail users, the same trick could work against any web-based email user, so everyone be careful!