with a fix for the phishing scamAttack.Phishingthat affected users . A Chrome browser update , which has been rolling outVulnerability-related.PatchVulnerabilitysince February , now issues a warning when you 've landed on an page with the scam . In your browser address bar , look out for `` not secure '' to the left of the address . Fortune reports that in the future , Google will present this warning and indicate unprotected sites more aggressively with a red triangle . According to Satnam Narang , Senior Security Response Manager at Norton by Symantec , here 's how the Gmail phishing scamAttack.Phishingworks : You 'll see an email in your inbox from one of your contacts who has already been hacked . The email looks like it contains an attachment . But if you look closely , as this Twitter user did , you 'll notice that the image preview for the attachment looks slightly fuzzy . This is because there is n't actually an attachment , just an image designed to look likeAttack.Phishingone . If you click on the image you 'll be directed to a page that looks like the standard Google sign-in page . If you log-in there , the damage is done : The hacker can read and downloadAttack.Databreachall of your emails and could also accessAttack.Databreachaccounts elsewhere . In the past , you might have recognized a scam by the language in the email . But Narang says that there are reports that these hackers are sendingAttack.Phishingemails that look realistic . In one school district , for example , team members received what looked likeAttack.Phishinga copy of a practice schedule . Still , there are things you can look out for to spot a fake . `` The best way to identify this attack is to look at the address bar . In this case , look for the words 'data : /text/html ' at the beginning of the URL , '' Narang says . `` If you see this , close the browser tab and alert your friend that their account has been compromisedAttack.Databreach. '' Narang also recommends setting up two-step verification for your Gmail account ( find out how to do so here ) . And follow these rules for boosting your password strength . In a statement about the attack , a Google spokesperson said , `` “ We 're aware of this issue and continue to strengthen our defenses against it . We help protect users from phishing attacksAttack.Phishingin a variety of ways , including : machine learning based detection of phishing messages , Safe Browsing warnings that notify users of dangerous links in emails and browsers , preventing suspicious account sign-ins , and more . Users can also activate two-step verification for additional account protection. ” Above all , think twice before clicking on something . We 're starting to see more sophisticated scams , so being vigilant will only help you in the long-run .
According to the Graham Cluley , hackers are conducting phishing attacksAttack.Phishingon gamers using two types of emails to steal their login credentials . Hackers are sendingAttack.Phishingemails to World of Warcraft players making them believe that they have won a prize followed by a link to claim it by putting their Blizzard account credentials . The items used in the email are “ Battlepaw ” an in-game pet , and a flying mount called “ Mystic Runesaber ” . Both these items are legitimate and can be bought in the game , which makes these emails more believable , but of course , it ’ s all just a lie . Once you click the email , a new window will appearAttack.Phishingasking you to enter the login details of your blizzard account , and if you do that , the hacker will receiveAttack.Databreachyour information , which can either be sold or used personally . “ You are receiving this e-mail because your friend has purchased World of Warcraft In-Game Pet : Brightpaw for you as a gift ! This would have been a perfect scam if not for the two obvious flaws in the email . First one is the suspicious looking question mark after Battle dot net , and the second one is named Blizzard Entertainment wrote at the end of the email . Like all the other phishing scamsAttack.Phishing, this one also relies on the poor judgment of the recipients and to make sure that you do not fall into this trap you must be very careful when you receive an email from an unknown sender
Unit 42 , Palo Alto Networks ’ threat intelligence research arm , has uncovered evidence of links between attacks using two new malware families and two families of Google Android malware . This has been discovered as part of work on preventing and detecting targeted attacks in the Middle East . The attackers favour using URL shortening services to disguiseAttack.Phishingthe true links they are sendingAttack.Phishingin spear phishing emails . A number of samples analysed were linked via the URL shortening service “ bit.ly ” . The URL shortening service then redirects users to the malicious payload hosted on attacker controlled pages . Another method favoured by the attackers was the setting upAttack.Phishingof fake news sites