New Scam Campaign Focuses on Google Passwords

by

Bitdefender experts recently discovered a fresh, well-crafted scam attack designed to take victims’ Google sign in credentials.

A spammy e-mail using the subject “Mail Notice” or maybe “New Lockout Notice” says, “This is a reminder that your email account will be locked out in 24 hours. Due to not being able to increase your Email storage Quota. Go to the INSTANT INCREASE to increase your Email storage automatically.”

Receivers who simply click the link inside the e-mail at “INSTANT INCREASE” are forwarded to a fraudulent Google sign in webpage.

Exactly what is significant about this panic, reported by Bitdefender, is the fact that the web browser address bar just displays “data:,” that signifies the usage of a data Uniform Resource Identifier (URI) scam. “The data URI scheme allows scammers to include data in-line in web pages as if they were external resources,” according to the Bitdefender expert Bianca Stanescu. “The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string within the data URI.”

“As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals,” Stanescu says.