It has been reported that hackers likely based in the Middle East have launched a new Gmail phishing campaign that’s trying to trick users into surrendering control of their Google accounts. The hackers do it by defeating Google’s own anti-spam software and sending what appears to be a legitimate Gmail message that redirects users to a fake Google Drive page that tricks them into giving up their username and password.
Kevin Epstein, VP, Advanced Security and Governance at Proofpoint, explains what the implications of clicking on the malicious link could be and how users can know if they have been affected:
Kevin Epstein, VP, Advanced Security and Governance at Proofpoint:
What can hackers do to those that click on the malicious link?
“Users who submit their username and password have made their account available to the attackers – exposing any information therein, which may contribute to identity theft or fraud, and enabling attackers to use the legitimate email account to target other victims. Additionally, given the subsequent redirect to a PDF file, it seems likely attackers were subsequently attempting to place malware on victim machines… which, if achieved, could give the attackers complete control over a user’s machine and access to any networks to which that machine was attached.”
How will users know they have been affected?
“The attackers were incautious in this case – they immediately redirected to a PDF file rather than simply putting up an error page and redirecting to the legitimate login page. In most successful attacks, users won’t know they’re compromised until a modern targeted attack detection or threat response system notifies network administrators of the compromise. Such attacks are effectively invisible to the end-user. See here for an example: (a “live” view of an attack from a user’s eyes) and (narrated explanation w. schematic of what happens behind the scenes).”