There's new Gmail-related news that users are definitely not going to be happy about. A new phishing technique is making the rounds online that composes convincing emails by copying past messages and attachments that the attackers have browsed through.
According to a post by Mark Maunder, the CEO of the popular WordPress security plugin Wordfence, they discovered the cyberattack. The attack works in two main parts. First, the hacker compromises your Gmail account and browses through your list of contacts. The hacker then sends a seemingly authentic email with an attachment that appears to be a PDF with a familiar file name. The attacker also mimics subject lines from previous emails. Second, the PDF is actually a cleverly camouflaged image that, once clicked, opens a new tab with a functional Gmail sign-in page.
The attack's Gmail sign-in page is so convincing that many users, including experienced technical users, are tricked into immediately providing their login credentials.
If you want to protect your Gmail account from this attack, which you definitely should, you need to be extra cautious when you check the location bar. Checking that 'accounts.google.com' appears in the location bar is not enough. If you see "data:text/html...," you may be in trouble. Wordfence says that users need to verify the protocol, then verify the hostname. Users must be certain that there isn't anything before the hostname 'accounts.google.com' other than "https://" and the green lock symbol.
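The protocol-then-hostname check described above can be written out as code. This is an added example, not code from Wordfence or Google; the function name `checkSignInLocation` and the sample URLs (including the reserved `.example` hosts) are constructed for illustration, and it goes slightly beyond the article by also rejecting lookalike hostnames that merely begin with 'accounts.google.com'.

```javascript
// Added example: apply the article's location-bar check to a full URL string.
const EXPECTED_HOST = 'accounts.google.com'; // hostname named in the article

// Returns { ok, reason } where reason is a short code explaining the verdict.
function checkSignInLocation(raw) {
  let url;
  try {
    url = new URL(raw.trim());
  } catch (err) {
    return { ok: false, reason: 'unparseable' }; // no scheme, or not a URL at all
  }
  // Step 1: verify the protocol. data:, http:, javascript: and the rest all fail,
  // even when the text after the scheme contains the expected hostname.
  if (url.protocol !== 'https:') {
    return { ok: false, reason: 'bad-scheme' };
  }
  // Step 2: nothing may sit between "https://" and the hostname.
  // "https://accounts.google.com@host/" parses with the lookalike as userinfo.
  if (url.username !== '' || url.password !== '') {
    return { ok: false, reason: 'userinfo' };
  }
  // Step 3: the hostname must match exactly, not merely start with or contain it.
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: 'bad-host' };
  }
  return { ok: true, reason: 'ok' };
}

// Constructed sample inputs (not captured from a real attack).
const samples = [
  'https://accounts.google.com/ServiceLogin?service=mail',
  'data:text/html,https://accounts.google.com/ServiceLogin?service=mail',
  'http://accounts.google.com/ServiceLogin',
  'https://accounts.google.com@login.example/ServiceLogin',
  'https://accounts.google.com.login.example/ServiceLogin',
  'accounts.google.com/ServiceLogin',
];

for (const s of samples) {
  const { ok, reason } = checkSignInLocation(s);
  console.log(`${ok ? 'PASS' : 'FAIL'}  ${reason.padEnd(11)}  ${s}`);
}
```

Only the first sample passes; the `data:` sample fails at the protocol step even though the expected hostname appears in its text.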
According to Aaron Stein from Google Communications, Google is aware of the issue and is working to strengthen its defenses against phishing attacks. Other security measures users can apply are enabling two-step verification and checking the Gmail sign-in history for the times, dates, and IP addresses of suspicious activity.