1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • SME CyberShield
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • SME CyberShield
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

1/23/2017

0 Comments

Gmail Phishing Attack That Can Trick Even Most Savvy Users

 

A Sophisticated Phishing Attack

Gmail logo
As reported by several cyber security researchers, and the mainstream media, cyber criminals unleashed a new, sophisticated phishing campaign targeting both individuals and corporate Gmail users. In fact, it’s so sophisticated, that even savvy users are being tricked by it.

An email arrives with a link, and when clicked, it asks for your Gmail user credentials. The trick is that the page looks exactly like the original Gmail sign on page. When you enter your user ID and password, the attackers automatically log into your Gmail account. When they are in, they immediately begin gathering additional information to support further attacks. Appears that they are looking for the attachments you’ve previously shared with others, and gather email addresses from your contacts.
The contacts they gather, inevitably become new targets. Now rogue emails are coming from someone the victim knows.

It's very hard to notice foul play since the URl in the email is disguised very well. In most cases, victims won't even look at the address bar at the top to validate the website's authenticity.

How to protect yourself against phishing attacks?

Fortunately, you can protect your account almost instantly by enabling 2-step verification for your Gmail account. Even if you don’t use Gmail, and use another Cloud email service, we recommend that you enable a 2-step verification without delay.

When 2-step verification is enabled, unless cybercriminals have direct access to your smartphone, it would be nearly impossible for them to use your password, even if you have fallen victim to a phishing attack.

Instructions on enabling 2-step verification for Gmail (personal use):
https://support.google.com/accounts/answer/185839?hl=en

Instructions on enabling 2-step verification for Gmail (corporate accounts). Note that for corporate accounts, you need to share these instructions with your IT department, and Gmail administrator will be able to add the extra security centrally:
https://support.google.com/a/answer/184711?hl=en

Have questions? Please contact us and we will be more than happy to assist.

Stay safe!
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.
Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
SME CyberShield
​Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2025 Driz Group Inc. All rights reserved.
Photo from GotCredit