is hitting Gmail users and tricking many into inputting their credentials into a fake login page. The phishers start by compromising a Gmail account, then they rifle through the emails the user has recently received. After finding one with an attachment, they create an image (screenshot) of it and include it in a reply to the sender. They use the same or similar subject line for the email, to invoke recognition and automatic trust. “You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again,” WordFence CEO Mark Maunder warns. The phishing page is a good copy of Gmail’s login page, and its URL contains the accounts.google.com subdomain, which is enough to fool many into believing that they are on a legitimate Google page. “This phishing technique uses something called a ‘data URI’ to include a complete file in the browser location bar. When you glance up at the browser location bar and see ‘data:text/html…..’ that is actually a very long string of text,” Maunder explained.
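A defensive check for the data URI trick described above, as an added example that is not from the original article: it parses a URL and reports when a trusted hostname such as accounts.google.com appears in the string without being the actual host. The function name, the result labels and the sample URLs used to exercise it are assumptions made for illustration.

```javascript
// Added example: classify a URL the way a mail gateway or browser extension
// could before a sign-in form is shown to the user. TRUSTED_HOST and the
// result labels are illustrative choices, not part of any product.
const TRUSTED_HOST = "accounts.google.com";

function classifyLoginUrl(raw, trustedHost = TRUSTED_HOST) {
  let url;
  try {
    // The WHATWG parser strips leading whitespace and control characters,
    // so padding in front of the scheme cannot hide it from this check.
    url = new URL(raw);
  } catch {
    return "invalid";
  }
  const mentionsTrusted = raw.toLowerCase().includes(trustedHost);

  // A data: URI carries the whole document inline and has no host at all,
  // so any hostname visible in the location bar is only text.
  if (url.protocol === "data:") {
    return mentionsTrusted ? "data-uri-lookalike" : "data-uri";
  }
  if (url.protocol !== "https:") {
    return "not-https";
  }
  // url.hostname is already lowercased by the parser.
  if (url.hostname === trustedHost) {
    return "trusted";
  }
  // The trusted name shows up somewhere (extra labels, path, query)
  // but the parsed host is a different one.
  return mentionsTrusted ? "lookalike-host" : "untrusted";
}
```

Only the `trusted` result means the page was actually served by the expected host; every other label is a reason not to present or fill in a credential form.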
It is – or it should be – a well-known fact that attackers occasionally email potential victims with PDF attachments containing malware or exploit code. But the latest attacks through PDF attachments are geared towards pushing users to enter their email account credentials into well-crafted phishing pages. Microsoft security experts saw a lot of variants of the same attack, and they all start with spoofed emails supposedly delivering asked-for documents. In one variation, the PDF makes it look like there has been an error, and the document can only be displayed with Microsoft Excel. But instead of actually opening it with their own software, potential victims are urged to open it by following the link offered in the PDF: if they do that, they will be redirected to a web page that makes it seem like the document can only be opened if the user signs in with their email credentials. In another variant, the PDF urges users to click on a link that will supposedly allow them to view a Dropbox-hosted document online. “Social engineering attacks are designed to take advantage of possible lapses in decision-making. Awareness is key; that is why we’re making these cybercriminal tactics known,” Microsoft’s Alden Pornasdoro explained. “In these times, when we’re seeing heightened phishing attacks with improved social engineering techniques, a little bit of paranoia doesn’t hurt. For instance, question why Adobe Reader is trying to open an Excel file.