Beware “Fake Attachment” Gmail Phishing Scam

Recently a new Gmail Phishing Scam was found. It is clever and just might dupe you if you’re not careful.

The attacker creates an email address to disguise themselves as someone you know. Then they send you an email with an attachment, like a PDF or Word doc, that looks legitimate. When you click the attachment to see a preview of it, you get redirected to a Google sign-in page where you enter your credentials.

Those attachments aren’t attachments—they’re embedded images designed to look like attachments that link out to a fake Google sign-in page.

Everything about the fake Google sign-in page looks normal. The logo, text boxes, and tagline are all there. The only difference is in the address bar: the page is actually a data URI beginning with “data:text/html”, not a URL beginning with the standard “https://”. But if you don’t spot it, the attackers get your credentials and use them to send out more of the same phishing emails to your contacts.
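The address-bar check the post describes can be written down as a small heuristic. The following is an added example, not code from the original post: it classifies whatever text a browser is showing in its address bar before credentials are typed into a page that looks like Google sign-in. The `data:` check runs before URL parsing on purpose, because the body of a `data:` URI can itself contain text that looks like a normal web address. The list of trusted sign-in hosts and all sample inputs are assumptions constructed for the example.

```javascript
// Added example (not part of the original post): classify address-bar text
// before entering credentials on a page that looks like Google sign-in.
// Heuristic only. The trusted host list is an assumption for this example.
const TRUSTED_SIGNIN_HOSTS = new Set(["accounts.google.com"]);

function classifyAddressBar(addressBarText) {
  const text = String(addressBarText).trim();

  // A data: URI carries the whole page inline in the address itself: there is
  // no server, no TLS and no hostname to verify. Check this first, since the
  // text after the "data:text/html," prefix may itself look like a URL.
  if (/^data:/i.test(text)) {
    return { verdict: "phish", reason: "page is a data: URI, not a web address" };
  }

  let url;
  try {
    url = new URL(text);
  } catch (e) {
    return { verdict: "suspicious", reason: "address bar contents are not a parseable URL" };
  }

  // A genuine sign-in page is served over https; anything else is a red flag.
  if (url.protocol !== "https:") {
    return { verdict: "suspicious", reason: "scheme is " + url.protocol + " rather than https:" };
  }

  // Look-alike hosts (extra words, swapped punctuation) are the other common trick.
  if (!TRUSTED_SIGNIN_HOSTS.has(url.hostname.toLowerCase())) {
    return { verdict: "suspicious", reason: "host " + url.hostname + " is not a known Google sign-in host" };
  }

  return { verdict: "ok", reason: "https URL on a known Google sign-in host" };
}

// Constructed sample inputs (assumptions for the example, not captured data).
const SAMPLE_ADDRESS_BARS = [
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/",
  "https://accounts-google.com/login",
];

// Returns one verdict per sample, in the same order as SAMPLE_ADDRESS_BARS.
function classifySamples() {
  return SAMPLE_ADDRESS_BARS.map((s) => classifyAddressBar(s).verdict);
}

for (const s of SAMPLE_ADDRESS_BARS) {
  const r = classifyAddressBar(s);
  console.log(r.verdict.padEnd(10), s, "(" + r.reason + ")");
}
```

The same check is what a user does by eye: if the address starts with `data:` there is no site to trust, and even a proper `https://` address only counts if the host is exactly the one expected.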
