
The weakness has been known for years: a user cannot tell at a glance whether a site is safe to browse, so users have to act cautiously. One of the most effective security steps you can take is to enable 2-step verification on your accounts, so that a stolen password alone is not enough for a safe browsing experience to be broken.
According to Fortune, the most successful phishing attempt yet is based on a trick in the address bar. The malicious trick does not work only on Gmail.
Attached to the e-mail is a seemingly innocent file (e.g. a doc or pdf) with a convincing title (e.g. receipt or invoice).
When you click on the attachment to open it in your browser, the click opens a page that should never have appeared: a copy of the login page of an e-mail service (e.g. Gmail).
It appears to be a secure web page, with the green padlock and https://accounts.google.com in the address bar, and the form looks exactly like the Gmail login form.
A careful user, however, should be surprised by the service's sudden and essentially unjustified request to re-enter details it already has. That surprise is what can keep them from handing their credentials to the trickster.
They should move the cursor to the address bar and double-click on the address: at the very beginning of the address, before the https, they will find data:text/html. This means that the address is a data URI carrying HTML, not a URL referring to a web address: the browser renders the content embedded in the address itself, including a script (a group of commands) that displays the fake page, and the https://accounts.google.com part is merely text inside that payload. The attacker may additionally disguise the address with a link-shortening service such as bit.ly or TinyURL.
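The check described above, written out as code: an added example, not code from the original article or from Google. It reads what the address bar actually holds, takes the real scheme from before the first colon, and, for a data: address, looks for the tell-tale shape of the lure (text/html media type, a payload that opens with a URL resembling the real login page, a long run of whitespace, then active content such as a script). The sample addresses, the host lure.example and the 200-space padding are all constructed for illustration; Node's Buffer is assumed for base64 payloads.

```javascript
// Added example, not code from the original article: inspect what the address bar
// really contains and flag the data:text/html lookalike trick.
// Every sample address below is constructed for illustration; none was captured
// from a real phishing message.

// Node's Buffer is assumed for base64 data URIs; in a browser use atob() instead.
function decodePayload(mediaType, raw) {
  if (/;base64$/i.test(mediaType)) {
    return Buffer.from(raw, "base64").toString("utf8");
  }
  try {
    return decodeURIComponent(raw);
  } catch {
    return raw; // malformed percent-encoding: inspect the raw text instead
  }
}

function inspectAddress(address) {
  const text = address.trim();
  // RFC 3986 scheme: a letter, then letters/digits/"+"/"-"/"." up to the first colon.
  const schemeMatch = /^([a-z][a-z0-9+.-]*):/i.exec(text);
  if (!schemeMatch) {
    return { scheme: null, verdict: "no-scheme" };
  }
  const scheme = schemeMatch[1].toLowerCase();

  if (scheme === "https" || scheme === "http") {
    // A genuine web address: the host is what the padlock and certificate refer to.
    const host = new URL(text).hostname;
    return { scheme, host, verdict: scheme === "https" ? "real-https" : "plain-http" };
  }

  if (scheme !== "data") {
    return { scheme, verdict: "other-scheme" };
  }

  // data:[<mediatype>][;base64],<payload>  -- there is no host at all; the browser
  // renders the payload itself, so any "https://..." inside it is just text.
  const body = text.slice(schemeMatch[0].length);
  const comma = body.indexOf(",");
  const mediaType = (comma === -1 ? body : body.slice(0, comma)).toLowerCase();
  const payload = comma === -1 ? "" : decodePayload(mediaType, body.slice(comma + 1));

  // The lure: the payload opens with a URL that looks like the real login page, then a
  // long run of whitespace that pushes the real content out of the visible address bar.
  const lookalike = /^\s*(https?:\/\/[^\s<]+)(\s*)/.exec(payload);
  const activeContent = /<(script|iframe|form|object|embed)\b/i.test(payload);

  const result = {
    scheme: "data",
    mediaType,
    renderedAsHtml: mediaType.startsWith("text/html"),
    lookalikeUrl: lookalike ? lookalike[1] : null,
    paddingLength: lookalike ? lookalike[2].length : 0,
    activeContent,
    verdict: "data-uri",
  };
  if (result.renderedAsHtml && result.lookalikeUrl && activeContent) {
    result.verdict = "data-uri-lookalike"; // the pattern described in the article
  }
  return result;
}

// Constructed sample addresses (not real captures).
const SAMPLES = {
  genuine: "https://accounts.google.com/ServiceLogin?service=mail",
  insecure: "http://accounts.google.com/ServiceLogin?service=mail",
  lure:
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail" +
    " ".repeat(200) +
    '<script src="https://lure.example/login.js"></script>',
  harmless: "data:text/html;base64," + Buffer.from("<h1>hello</h1>").toString("base64"),
};

function inspectAll() {
  const out = {};
  for (const [name, address] of Object.entries(SAMPLES)) {
    out[name] = inspectAddress(address);
  }
  return out;
}

for (const [name, r] of Object.entries(inspectAll())) {
  console.log(name.padEnd(9), r.verdict, r.host || r.lookalikeUrl || r.mediaType);
}
```

The decisive signal is the scheme, not anything that follows it: a genuine https address has a host that the padlock and certificate vouch for, while a data: address has no host at all, so whatever looks like https://accounts.google.com after the comma is rendered text. The padding length is reported because it is what pushes the script out of the visible part of the address bar.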
If the user does not suspect that the deceptive appearance of this form is a trick and enters a username and password, clicking on "Login" triggers the hidden chain of events.
The perpetrators remain unknown, but the attack uses the intercepted credentials to log into the victim's account and send the same malicious message to the victim's contacts.
Google has acknowledged the problem and recommends Safe Browsing. Safe Browsing lets users and browsers check a website against Google's list of known unsafe sites before it is visited.
At the same time, we recommend enabling the double check, a two-step verification process: in addition to your login name and password, you enter the code sent to you by text message every time you log in.
To learn more about Safe Browsing: https://safebrowsing.google.com/
Author: PC-GR