To the satisfaction of many users, the team of developers of Google Chrome solved this problem that was causing serious headaches for google chrome users. Earlier this month, the newest version of the most popular browser was released, Chrome 56.0.2924, is changing the behaviour of the search bar. After installing this new version you will now see a data URL, and an “Unsafe” message, which will help users realize that they should not trust the forms submitted to them through a data URL. Becoming an effective tool to avoid this specific phishing technique.
Currently, there is an extremely effective phishing technique whose main function is stealing login information.
What was discovered about this phishing attack
This technique has proven to be very effective working through Gmail and other services, it has gained much popularity recently among the invaders. In recent weeks, there have been reports of users with advanced technical level who were hit by this.
This attack is currently being used for the purpose of stealing login information from Gmail clients.
The way the attack works is simple does not require complexity, an attacker will send an email to your Gmail account. This email may come from a person you know and most likely had the account hacked using this same technique. There is also the possibility of being attached in the email something that looks like a sender image that you know about.
Usually, when you click on an image, Gmail shows a preview of the attachment, in which you have the option to save to google drive, download or just close the preview. At this point when the attack starts, a new tab opens and you are prompted by Gmail to sign in again. To avoid suspicion and give more legitimacy to the attack when you look at the search bar the address that appears is accounts.google.com. After login, your account will be compromised.
How to protect yourself from this attack
The safest way to protect against this attack is to change what is appearing on the search bar.
This phishing attack uses “Data URI” which includes a complete file in the browser location bar. When you look at the browser location bar and see “data: text / html …”, this is actually a very long string of text.
It is very important to check that there is nothing before the hostname “accounts.google.com” other than “https: //”. Be very careful with the green colour and the lock symbol on the left. If you can not verify the protocol and verify the hostname, stop and close the browser and consider that you may have just clicked to access the login page.
Enable two-factor authentication, if it is available for all the services you use. Gmail calls this “2-step verification.”
Important to prevent access to your email account
Always turn on two-factor authentication, as this makes it very difficult for an attacker to enter your email account, even if they can steal your password using this technique since two-factor authentication sends a text message to your phone to access.