Our GMail account is the gateway to a sea of private information. techniques to try to rob you.
With over 1 billion users worldwide, there is no doubt that GMail is one of the services of Electronic mail? Nico most used and, therefore, it is also the center of attention of those who are dedicated to exploiting security breaches or to deceive users to steal their access.
In our email we store all kinds of private communications and it is also the gateway to many third-party services, as well as the rest of Google services, of course. This is the new phishing to which you should pay attention.
Beware of attachments in GMail
It is known asphishing the techniques of identity theftFor example, when you receive an email in which your bank is supposed to request information. Fortunately, users are already more than used to these methods and we recognize these techniques at a glance by sending the email directly to the trash, although at the same time, unfortunately, there are still people who fall.
The latest technique detected by security researchers focuses directly on the GMail account theft.The procedure is simple, but if you are not careful it can end very badly.
Attackers send emails from GMail accounts that have already been hacked, so Google’s SPAM filter masquerades them as emails from normal users and does not go straight to the spam folder.
In these emails I attach a file, which is usually for example a PDF or a spreadsheet, or at least that is what we see with the naked eye, because it is actually a thumbnail image.
Opening this document will take us to a new browser tab that impersonates perfectly by Google loginThis is obviously where they try to steal our email and password, but the key is to look at the address bar of the browser: the address begins with data: text / html, so don’t even think about entering your data.
The question is that this data: text / html is followed by the classic https://accounts.google.com/ which is the official address of Google, so the less savvy could be confused and will consider the page good if you don’t pay attention. At the same time, neither Chrome nor any browser marks the page as unsafe because does not start with HTTPS, but the address to which the data is sent is hidden among a string of words and numbers.
As we can see, it is not exactly a tremendously advanced technique, but it plays once again with the carelessness of the users. Therefore, to avoid being deceived, you simply have to take a look at the address bar and check if it is indeed a safe and official website.
How to know if someone has logged into our account
If you think you have been a victim of this deception, the first thing you should do is immediately change your passwords We also recommend that you activate the verification in two steps.
You can also see where you are logged in with your accountTo do so, enter GMail and in the lower left part of the page you will see the recent activity, with the sessions started, the connection time, the IP and the button to immediately close all those sessions.