If you’ve received an email on your Gmail account that led to a prompt to sign in to your account again, you had better double-check everything before going any further. A new phishing technique has been making the rounds, mostly targeting unsuspecting Gmail users to steal their login credentials and gain access to their private information. It is harder to detect than most, and even more technical users have been hit, but there are still ways to avoid this kind of fraud.
The technique is harder to spot because the email sometimes comes from a contact who may themselves have been hacked in the same manner. It sometimes has an attachment, an image that you recognize from the sender. When you click it to see a preview, you are instead led to a new tab where you are asked to sign in, and since you see accounts.google.com somewhere in the location bar, you don’t think twice. But once you actually sign in, your account has been compromised.
The attackers then sign in to your account almost immediately, gain access to all your digital correspondence, and may also use the account to phish other accounts in your network. The attack is difficult to detect because the URL is almost the same as that of a regular Gmail account and even the sign-in page looks almost the same. Google says it is “aware of the issue” and is working on strengthening its security, so for now you probably have to work on it yourself.
So what you have to do is be vigilant about looking at the URL. If it contains a long string of data, that should raise your suspicion. Make sure there is nothing before the hostname except ‘https://’, and verify both the protocol and the hostname. Also enable two-factor authentication or verification so attackers won’t easily get access even if your main login has already been compromised.
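The address check described above can be written down as code. This is an added example, not part of the original article or of the Wordfence report; the function name, the length threshold and the sample addresses are assumptions made for illustration.

```javascript
// Added example, not from the original article.
// EXPECTED_HOST is the sign-in host the article names; LONG_URL is an assumed
// threshold for "a long string of data" and only produces a warning.
const EXPECTED_HOST = "accounts.google.com";
const LONG_URL = 2000;

function checkSignInUrl(raw) {
  const text = raw.trim();
  const problems = [];
  const warnings = [];
  let url;
  try {
    url = new URL(text); // WHATWG URL parser, the same rules a browser applies
  } catch {
    return { ok: false, problems: ["not an absolute URL"], warnings };
  }
  // 1. Protocol: the address must start with https:// and nothing else.
  if (url.protocol !== "https:") {
    problems.push(`protocol is ${url.protocol} not https:`);
  }
  // 2. Nothing between https:// and the hostname (the user-info part).
  if (url.username !== "" || url.password !== "") {
    problems.push("extra text before the hostname");
  }
  // 3. Hostname: exact match, not a substring or a longer lookalike.
  if (url.hostname !== EXPECTED_HOST) {
    problems.push(`hostname is "${url.hostname}" not "${EXPECTED_HOST}"`);
  }
  // 4. Default HTTPS port only.
  if (url.port !== "") problems.push(`unexpected port ${url.port}`);
  if (text.length > LONG_URL) warnings.push("address is unusually long");
  return { ok: problems.length === 0, problems, warnings };
}

// Constructed sample addresses; example.net is a reserved documentation domain.
const samples = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.example.net/ServiceLogin",
];
for (const s of samples) {
  const r = checkSignInUrl(s);
  console.log(r.ok ? "OK  " : "FAIL", s, r.problems.join("; "));
}
```

Only the first sample passes: the others contain the expected hostname as text, but either the protocol or the parsed hostname is wrong.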
VIA: Wordfence