Hackers seem to constantly be coming up with new ways to steal your information, and experts have recently begun to alert Gmail users to the newest technique. Satnam Narang, who serves as the Senior Security Response Manager at Norton by Symantec, has reported that scammers are sending emails to people from the accounts of email contacts who have already been hacked.
This is disturbingly clever. You get sent to a text/html data URI! Not testing any further but, blimey, talk about using power for evil. pic.twitter.com/TamVn7DBfW
— Tom Scott (@tomscott) December 23, 2016
When users receive the email, it looks like it contains an attachment, but it is actually an image that is embedded into the email. Once users click on it to open it, they are sent to what appears to be a Google sign-in page. But once someone signs in, the hackers will be given all of their information.
Narang says that these emails appear to be very professional and look way more realistic than the typical phishing email. And people are falling for the scam. At one high school, someone’s hacked account sent around what looked like a practice schedule, which led to more compromised accounts.
But Narang says there are things you can do to prevent this from happening. He says the best way to identify the email as a scam is to look at the address bar. If the text ‘data:text/html’ appears at the start of the URL, you should close your browser and alert the person who sent the email that their account has been hacked.
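The address-bar check above can also be automated on the mail-filtering side. The following is an added example, not code from Narang, Google or the article: it scans a message body for link targets that are data: URIs a browser would render as a page, and it goes slightly beyond the single string in the text by ignoring case and whitespace and by covering two other renderable media types. The function names and the sample message are constructed for illustration.

```javascript
// Added example (not from the article): flag link targets that are data: URIs
// a browser would render as a page, such as the data:text/html case above.
const RENDERABLE = new Set(["text/html", "application/xhtml+xml", "image/svg+xml"]);

function classifyUrl(raw) {
  // Browsers drop tabs/newlines and surrounding whitespace in URLs and match
  // the scheme case-insensitively, so normalise before testing.
  const url = String(raw).replace(/[\t\n\r]/g, "").trim();
  const m = /^data:([^,]*),/i.exec(url);
  if (!m) return { dataUri: false, mediaType: null, suspicious: false };
  // First ";"-separated field is the media type; empty means text/plain (RFC 2397).
  const mediaType = m[1].split(";")[0].trim().toLowerCase() || "text/plain";
  return { dataUri: true, mediaType, suspicious: RENDERABLE.has(mediaType) };
}

function findSuspiciousLinks(html) {
  // Regex scan of href/src/action attributes; a simplification, not a full HTML parser.
  const attr = /\b(?:href|src|action)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const hits = [];
  let m;
  while ((m = attr.exec(html)) !== null) {
    const verdict = classifyUrl(m[1] ?? m[2] ?? m[3]);
    if (verdict.suspicious) hits.push(verdict.mediaType);
  }
  return hits;
}

// Constructed sample message body with harmless placeholder targets.
const SAMPLE_BODY = [
  '<a href="https://example.com/practice-schedule.pdf">schedule</a>',
  '<img src="data:image/png;base64,AAAA">',
  '<a href="data:text/html,<p>placeholder</p>"><img src="cid:thumb"></a>',
  "<a href=' DATA:Text/HTML;charset=utf-8;base64,PHA+'>open</a>",
].join("\n");

// Only the two data:text/html links are reported; the inline PNG is not.
console.log(findSuspiciousLinks(SAMPLE_BODY));
```

An inline image such as the PNG in the sample is a normal use of data: URIs, which is why the check keys on the media type rather than on the scheme alone.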
You can also enable two-step verification on your Gmail account, which will help keep your information private even if you do fall for the scam.
Google has issued a statement about the issue, saying that they are aware of the problem. They added that they are working to strengthen their defenses against things like this and hope to help protect their users from phishing attacks by using machine learning-based detection, safe browsing alerts, and other techniques to deter suspicious activity on an account.