A reputable firewall has detected a new type of cyber attack that is better built and harder to catch than any kind of traditional phishing scheme.
As you know, millions of people don't know how Chrome and Firefox display data on their computer screen or any other kind of gadget.
They are all displeased by this news and by vulnerabilities like this in Chrome and Firefox.
“With access to users’ Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents. The scam starts with an email allegedly sent by Google, with ‘Mail Notice’ or ‘New Lockout Notice’ as a subject,” reads Bitdefender’s announcement.
The email sent out to users indicates that their email accounts will be locked out in 24 hours due to not being able to increase the email storage quota. The message contains a link that urges users to click on “INSTANT INCREASE” to avoid having their accounts locked. When clicking the link, users are redirected to a Google login web page that, as in all similar attacks, imitates the authentic one and asks for user credentials. Once they are provided, the account is compromised.
“What is interesting about this phishing attack is that users end up having the ‘data:’ in their browser’s address bar, which indicates the use of a data URI scheme,” Bitdefender adds.
Bitdefender explains that this allows scammers to include data in-line in web pages, making them appear to be external resources. This makes Google Chrome users that much more susceptible to the attacks since the browser doesn’t show the whole string, which makes it difficult for people to figure out if the site is safe or not.
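A defender-side check for the technique described above, as an added example that is not part of the original article or of Bitdefender's announcement: it takes a URL captured from a link or redirect target and flags `data:` URIs whose inline payload is an HTML page containing a password field. The names `inspect_data_uri` and `PasswordFieldFinder` and the sample URL are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

# RFC 2397 syntax: data:[<mediatype>][;base64],<data>
DATA_URI = re.compile(r"^\s*data:([^,]*),(.*)$", re.IGNORECASE | re.DOTALL)
HTML_TYPES = {"text/html", "application/xhtml+xml"}


class PasswordFieldFinder(HTMLParser):
    """Records whether the parsed document contains a password input."""

    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True


def inspect_data_uri(url):
    """Return None for ordinary URLs, else a verdict on the inline payload."""
    match = DATA_URI.match(url)
    if match is None:
        return None
    header, payload = match.groups()
    params = [p.strip().lower() for p in header.split(";")]
    mediatype = params[0] or "text/plain"  # RFC 2397 default media type
    body = unquote_to_bytes(payload)
    if "base64" in params[1:]:
        body = re.sub(rb"\s+", b"", body)
        body = base64.b64decode(body + b"=" * (-len(body) % 4))  # tolerate missing padding
    finder = PasswordFieldFinder()
    if mediatype in HTML_TYPES:
        finder.feed(body.decode("utf-8", errors="replace"))
        finder.close()
    return {
        "mediatype": mediatype,
        "size": len(body),
        "renders_html": mediatype in HTML_TYPES,
        "suspicious": finder.found,  # inline HTML page asking for a password
    }


# Constructed sample: a minimal inline page with a password field.
SAMPLE_HTML = b'<title>Sign in</title><form><input type="password" name="p"></form>'
SAMPLE_URL = "data:text/html;base64," + base64.b64encode(SAMPLE_HTML).decode()
```

A mail gateway or proxy could run this over every link and redirect target it sees and quarantine anything where `suspicious` is true.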
You should always remember in such cases to check the email address of the sender by hovering the mouse cursor over the sender name and verifying if they match or not. If you open the message and choose to “show details” from below the sender’s name, you’ll be able to tell if the message really comes from Google or not.
On top of it all, Gmail doesn’t send unsolicited mass messages, and when it does send out a message, it’s usually easy to spot, with no confusing content, bad grammar or shady requests.
Refs from: latesthackingnews.com