430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

A new phishing scheme is being used to steal Google Account credentials

Security experts at Bitdefender discovered a new ingenious phishing scheme that is being used by hackers to steal Google Account credentials. Security experts at Bitdefender have discovered a news phishing scheme adopted by hackers to steal Google Account passwords. The new phishing attack is hard to catch with traditional heuristic detection, it mainly affects Google Chrome and […]

A new phishing scheme is being used to steal Google Account credentials

Security experts at Bitdefender discovered a new ingenious phishing scheme that is being used by hackers to steal Google Account credentials.

Security experts at Bitdefender have discovered a news phishing scheme adopted by hackers to steal Google Account passwords.

The new phishing attack is hard to catch with traditional heuristic detection, it mainly affects Google Chrome and Mozilla Firefox internet browsers.

The hackers send an email that pretends to be from Google, it warns victim that his account will be locked in the next 24 hours because the associated InBox has reached the maximum capability.

“With access to users’ Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents,”“The scam starts with an email allegedly sent by Google, with “Mail Notice” or “New Lockout Notice” as a subject.” reports Catalin Cosoi, chief security strategist at Bitdefender  in the official blog post.

To avoid that the Google account will be “locked in 24 hours” the user is invited to go to the “INSTANT INCREASE” link, but the link redirects victims to a bogus Google web log-page. Using this artifice, hackers can steal Google account credentials within the browser.

phishing scheme against Google account 2

Cosoi explained that it is very difficult for users to note the attack because the fake Google web log-page goes undetected by Google’s Chrome uniform resource identifiers (URIs). The attackers exploit the way Google Chrome displays “data:” URIs.

Users will display “data:” in the address bar of their browser, which indicates the use of a data Uniform Resource Identifier scheme, the URI scheme allows attackers to include data in-line in web pages as if they were external resources.

“The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string within the data URI. As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals.” states the post.

 

phishing scheme against Google account

Bitdefender says that the scammers are able to avoid detection, by using a data URI scheme, which includes data in-line web pages as if they are external sources. The content from the fake webpage is encoded in the string with the data URI scheme, the attackers used Base64 coding to represent the file contents.

According Bitdefender the more than a thousand users were deceived by the phishing scheme.

“So far, more than a thousand users clicked on a single shortened URL used in the cyber-campaign. The numbers are without doubt a lot higher, as scammers create more than a single URL when crafting a phishing wave,” added Cosoi.

Phishing is becoming one of the most popular fraudulent activities in the cyber criminal ecosystem, hackers are exploiting new platforms like mobile and social media according the report of principal security firms.

Cyber criminals are trying to make phishing attacks harder to detect optimizing their email targeting, attackers are demonstrating to be able to find new methods of bypassing checks implemented by email providers and security firms.

Usually a targeted attack exploits the “human factor“, phishing offensives rely on social engineering techniques that is why is important to inform users of the tactics adopted by cyber criminals.

Organisations must train their personnel to reduce their human attack surface and avoid to be victims of such attacks.

Be careful!

Pierluigi Paganini

(Security Affairs –  Google account, phishing)