A recent article in Computer Weekly revealed a new phishing scheme that poses as Google with “New lockout Notice” or “Mail Notice” in the subject line. You are then warned that your account will be disabled if you don’t click the link in the body of the email:
“This is a reminder that your email account will be locked out in 24 hours due to not being able to increase your email storage quota. Go to the INSTANT INCREASE (this is the fatal link) to increase your Email storage automatically.”
If you click on the link you are redirected to a fake login page. If you enter your password, the criminals steal it and can use your account to email your contacts, buy Google Play apps, and access your private documents. Chrome users are the primary target, but Firefox is also vulnerable.
The article says that this particular attack exploits Google Chrome’s uniform resource identifiers (URIs) using Base64 encoding, “in this case supplying the content of the fake web page in an encoded string in the data URI.” Because the entire string does not show up in Chrome, the phishing attack looks like legitimate communication from Google.
Data-URI manipulation is hard to spot because the web page is carried inline in the URI itself rather than fetched from a server, and the browser's address bar then displays that data, which makes the page appear to be valid. This type of phishing is difficult to detect using conventional heuristic methods.
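As an added example (not code from the Computer Weekly article or from EdgeWave), the following Python check does what a mail filter would need to do to see through this trick: it finds base64 `data:text/html` URIs in a message body, decodes the embedded page, and flags any that contain a form with a password field. The sample message and fake page are constructed for the demonstration.

```python
import base64
import binascii
import re

# A data URI carrying an HTML document; group 1 is the base64 payload.
# An optional charset parameter is accepted and ignored.
DATA_URI_RE = re.compile(
    r"data:text/html(?:;charset=[\w-]+)?;base64,([A-Za-z0-9+/=]+)", re.I
)
FORM_RE = re.compile(r"<form\b", re.I)
PASSWORD_INPUT_RE = re.compile(r"<input[^>]+type\s*=\s*['\"]?password", re.I)


def decode_data_uri_payload(payload: str) -> str:
    """Decode a base64 payload, tolerating stripped '=' padding; '' on failure."""
    padded = payload + "=" * (-len(payload) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return ""


def scan_for_inline_login_pages(text: str) -> list:
    """Return one finding per HTML data URI in the text; 'suspicious' means the
    decoded document contains both a <form> and a password input."""
    findings = []
    for match in DATA_URI_RE.finditer(text):
        html = decode_data_uri_payload(match.group(1))
        has_form = bool(FORM_RE.search(html))
        has_password = bool(PASSWORD_INPUT_RE.search(html))
        findings.append({
            "offset": match.start(),  # where the URI starts in the message
            "has_form": has_form,
            "has_password_field": has_password,
            "suspicious": has_form and has_password,
        })
    return findings


# Constructed sample (not a real phishing message): the "INSTANT INCREASE" link is a
# data URI whose decoded body is a login form. The image data URI is a benign control.
FAKE_PAGE = (
    "<html><body><h1>Increase storage</h1>"
    "<form action='https://example.invalid/'>"
    "<input type='email' name='u'><input type='password' name='p'></form></body></html>"
)
SAMPLE_EMAIL = (
    "Your email account will be locked out in 24 hours. Go to INSTANT INCREASE: "
    "data:text/html;base64," + base64.b64encode(FAKE_PAGE.encode()).decode() + "\n"
    "Inline logo: data:image/png;base64,iVBORw0KGgo=\n"
)
```

Running `scan_for_inline_login_pages(SAMPLE_EMAIL)` yields a single finding marked suspicious; the PNG data URI is ignored because only HTML payloads are decoded.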
Users should be aware that legitimate businesses do not send unsolicited email asking for login credentials.
As phishing attacks become more sophisticated, it is important to be proactive. A complete network security program can mitigate risks. EdgeWave’s unique hybrid of human analysis and continuous automated network monitoring filters out bad email before it tempts anyone to click on a malicious link. Call 1 800 782 3762 or visit www.edgewave.com