Ramblings of an old Doc
It even fools the pros.
Published on January 20, 2017 By DrJBHL In Personal Computing


Generally, you can tell a phishing attack from bad grammar and spelling, or a fishy URL (sorry, I couldn't resist).

This time, it's different:

"An email lands in the target inbox from the hacked address, and here's where it gets tricky: The phishing email uses a legitimate subject line, text, and attachments from emails already sent by that account, making it look completely legitimate.

The phishing email comes with an "attachment" that is actually a screenshot of an attachment sent by that account in the past, like a spreadsheet or a PDF, for example. The trick is that the fake attachment screenshot is an embedded image with a link in it that takes the victim to what looks like a Google login page.

Thinking they need to re-authorize their account to view the attachment, the user logs in, and their account is now in the hands of hackers. The cycle starts all over again—just one compromised account has the potential to affect dozens more." - TechRepublic

Luckily, it isn't perfect. "There's just one exception, and it's the key to avoiding it: The URL is preceded by "data:text/html." That prefix is telling your web browser to treat the document at the phishing website as HTML, which in turn is generating an address that looks just like a real Google login page, complete with the appropriate URL. The second you log in hackers have access to your account, and victims have said they're taking advantage of it right away." (ibid).

Two-factor authentication is a good way to proactively secure Google and other accounts from phishing and hacks. Take the time to do it now.
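A mail filter or triage script can look for the `data:text/html` prefix described above before a user ever clicks. The following is an added example, not code from this post or from TechRepublic; the function names and the sample message body are constructed for illustration.

```python
from html.parser import HTMLParser

def normalize(href):
    """Browsers drop tabs/newlines inside a URL, trim it, and ignore scheme case."""
    return "".join(c for c in href if c not in "\t\r\n").strip().lower()

class DataLinkAuditor(HTMLParser):
    """Collects <a> elements whose href uses the data: scheme."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._open = None  # the data: link currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            href = normalize(attrs.get("href") or "")
            if href.startswith("data:"):
                # Keep only the media-type prefix, never the payload.
                self._open = {"prefix": href.split(",")[0], "wraps_image": False}
            else:
                self._open = None
        elif tag == "img" and self._open is not None:
            # A linked image is how the fake "attachment" is presented.
            self._open["wraps_image"] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.findings.append(self._open)
            self._open = None

def audit_links(html_body):
    """Return one finding per data: link in an HTML message body."""
    auditor = DataLinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings

# Constructed sample body (hypothetical message, placeholder payloads).
SAMPLE_BODY = """
<p>Here is the file we discussed.</p>
<a href=" DATA:text/html,constructed-placeholder"><img src="cid:preview.png" alt="Budget.pdf"></a>
<a href="https://example.com/report">Quarterly report</a>
<a href="data:text/html;base64,Y29uc3RydWN0ZWQ=">Open document</a>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_BODY):
        print(finding)
```

A finding with `wraps_image` set matches the screenshot-as-attachment pattern in the quoted report; any `data:` link in inbound mail is worth quarantining for review.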




on Jan 20, 2017

Thanks for the heads up, Doc.

Also saw a page pop up while using Google Chrome this morning announcing a 'Critical Chrome Update' with a button to click.  Since Chrome does its own background updating, it was clearly a phishing page.  Should be on the lookout for that, too.  I was viewing only the legitimate websites I visit every day & it just popped open in a new tab.

on Jan 20, 2017

Good lookin' out Doc. I see a lot that come to my inbox complete with attachments. Some even from 'legit' websites like Publishers Clearing House. I don't trust any of that stuff...no! The only ones I trust are the ones I know are coming, having been told ahead of time. Delete...delete...delete.

on Jan 20, 2017

Thanks for the info, Doc.  I'll be on the lookout even more so now.  I generally delete all emails I'm not expecting, especially those with attachments.  If I've made an online purchase and I'm expecting an email with an attached receipt, that's one thing, but unsolicited stuff is exterminated without due process or a trial.

Recently my junk folder is being inundated with spam for online gambling and lotteries.  NO thanks, with a capital PISS OFF.  I never gamble on poker machines or lotteries in the real world, so why would I do it online, where I'd have even less control over what happens?

There's a never-ending queue of people and organisations wanting your money, and today, more than ever, we have to be ever more vigilant as online scammers continue to find new ways to dupe the innocent into being robbed, etc.

on Jan 21, 2017

Good to know Seth.