Gmail Cyber Attack: How the latest phishing attack infects users

Gmail Cyber Attack How the latest phishing attack infects users

The latest Gmail Cyber Attack features a very convincing – and functional – Gmail sign in page.

“Actual subject lines, with actual attachments, sent to people in your contact list.”

What’s the deal?

The latest phishing attack to hit cyber security headlines involves a very clever technique that convinces Gmail users to re-enter log in credentials.

How does it work?

This form of cyber attack composes an email by analysing past attachments and messages, creating a very familiar looking email and attachment that the recipient could be tempted to open. The attachment, when clicked on, will open a new tab linking to an image that replicates the google sign in page.

What to look out for

The sign in page will look similar to the one below, but if you look closely at the URL, you will see that is not legitimate.

Gmail Cyber Attack How the latest phishing attack infects users 1

Instead of a recognisable URL address, the address bar will look something like this:

Gmail Cyber Attack How the latest phishing attack infects users 2

What are the consequences?

Unfortunately, the hackers have created such a convincing sign in page, that many users will sign in here, in turn handing over log in details that will allow them to access your organisations data source.

By logging in, the hackers not only have access to sensitive data, the cyber attackers also have access to your email database. This allows the hackers to analyse your messages and attachments in order to create another round of familiar looking emails to target other Gmail users.

How do I protect myself against this type of Cyber Attack?

This convincing method of email phishing may seem almost unavoidable – but common sense and a little cyber-savvy know-how will help you to avoid falling into a cyber attack trap.

  • Check the URL. Double, triple, and quadruple check the address bar before you sign in to any familiar looking log-in screen. Don’t forget that however convincing it may look, the URL at the top of your screen may cause alarm bells to ring. If it does, close the window down.
  • Enable two-factor authorisation. This is a very simple, easy to set up, quick-win.
  • Ensure your data is backed up. A cyber attack such as this puts your corporate data sources at risk of being accessed by criminal hackers. Data can then be erased, held at ransom or tampered with. The best way to avoid this, is by ensuring that your data is backed up.

Choosing an online backup provider

Choosing an online backup provider will mean that in the event of a cyber attack, your critical data can be fully restored – allowing your organisation to continue running as normal.

Want to know more? Get in touch.

Speak to a cloud specialist today to learn more about how we can help your business