Home / News / Internet News / Gmail hacked? Here's how to protect yourself against the latest phishing scam

Gmail hacked? Here's how to protect yourself against the latest phishing scam



Gmail users are being targeted by a new phishing scam that has been fooling even the most informed tech enthusiasts.

As Mark Maunder, CEO of Wordfence, explains, users are being sent an email with an attachment, which when clicked, opens a new window to what looks like a Gmail login page.

The page is, of course, a fake, and entering your login details will immediately send them to the hackers behind this latest email scam.

Related: MWC 2017

But what's most troubling about the email is that the hackers have managed to make it look like it comes from one of your own contacts – i.e. someone they've already hacked.

The subject of the email will likely be based on a subject you've discussed with the contact previously, and the name of the attachment will probably have been given a convincingly familiar title.

What's more, the URL that opens when you click the attachment looks very similar to the legitimate Google login page address.

While the official URL is "https://accounts.google.com/ServiceLogin?", the fake address appears as "data:text/html,https://accounts.google.com/ServiceLogin?"

gmail scamHow the legitimate address should appear

The convincing login page looks almost identical to the official version, too, making this a particularly effective hoax.

If you're worried you may have received one of these emails, there's a few things you can do, starting with making sure the login page URL is legitimate.

If the address begins with "data:text", or if there's any text other than "https://" before the "accounts.google.com", it's not the real deal and you should close the page immediately.

The "https" part of the URL should also be green and appear next to a lock symbol if the page is legitimate.

Google responded to Mauder's post with the following: "We’re aware of this issue and continue to strengthen our defenses against it.

"We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more.

"Users can also activate two-step verification for additional account protection.”

Two-factor verification will make it harder for anyone to log into your Google account by sending a verification code to your phone, and can be enabled by visiting this page.

WATCH: What's the no.1 smartphone in the world?

Let us know whether you've received a scam email in the comments.


January 18, 2017, 7:52 pm

It would be helpful to say what the email itself says...

Kim Ordish

January 18, 2017, 9:41 pm

I have been hit with something, because my GMail account keeps sending out emails I have not sent, and they keep coming back marked as "Bounce"

T.L. :p

January 19, 2017, 5:52 am

You are safe if you have no contacts right?

Hamish Campbell

January 19, 2017, 9:17 am

Safe, but very lonely.


January 19, 2017, 1:15 pm

Seriously? If people are so dumb to fall for this, they shouldn't be allowed to have internet access....


January 19, 2017, 1:16 pm

Your account has likely been compromised. You should change your password immediately.


January 19, 2017, 5:06 pm

did you read the article?

T.L. :p

January 20, 2017, 10:10 pm

Story of my life lol

T.L. :p

January 20, 2017, 10:20 pm

Alot of people don't know much about computers, there is a time where everyone falls for scams, unfortunately people don't know about scams until they get scammed and hacked themselves

Just because you don't fall for them doesn't mean other people won't fall for them to, if people fall for them then it simply means they haven't learned about scams yet

comments powered by Disqus