HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
Bianca STANESCU
1 Comment
    Share This!
  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • ReddIt
Alerts • E-Threats

Hackers Steal Google Account Passwords in Better Crafted Phishing Attack

May 13, 2014
2 Min Read

Hackers grab Google account passwords in a new, better crafted phishing attack that is hard to catch with traditional heuristic detection. A particularity in how Google Chrome displays data: URIs makes Chrome users more vulnerable. The phishing attack also targets Mozilla Firefox users.

With access to users’ Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents.

The scam starts with an email allegedly sent by Google, with “Mail Notice” or “New Lockout Notice” as a subject.

“This is a reminder that your email account will be locked out in 24 hours,” the e-mail reads. “Due to not being able to increase your Email storage Quota. Go to the INSTANT INCREASE to increase your Email storage automatically.”

When clicking the INSTANT INCREASE link, users are redirected to a Google login web page that imitates the authentic one and asks for their credentials.

Hackers Steal Google Account Passwords in Better Crafted Phishing AttackWhat is interesting about this phishing attack is that users end up having the “data” in their browser’s address bar, which indicates the use of a data Uniform Resource Identifier scheme.

The data URI scheme allows scammers to include data in-line in web pages as if they were external resources. The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string within the data URI.

As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals.

Scammers usually pose as services that contact people by e-mail for announcements or notifications. Google, Facebook, eBay, phone services and financial institutions are among phishers’ favorite disguises to invade inboxes worldwide.

A similar attack recently targeted Google Drive’s landing page to grab Gmail credentials.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the technical information provided courtesy of Alin DAMIAN and Andrei SERBANOIU, Bitdefender Online Threats Researchers.

Tagsgmail Google Account hackers Hacking passwords phishing attack slider steal

You may also like

Alerts • Digital Privacy

How Bitdefender Protects You from Ransomware (Part 2)

11 hours ago
Alerts • Digital Privacy

How Bitdefender Protects You from Ransomware (Part 1)

1 week ago
Alerts

Feeling Lucky This Holiday Season? COVID-19, Google and Microsoft ‘Lotteries’ are Out for Your Info and Money

1 month ago

About the author

View All Posts

Bianca STANESCU

Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.

1 Comment

Click here to post a comment
  • data: in the browser address bar may indicate a phishing site - progress says:
    August 26, 2014 at 8:14 am

    […] new trend  is a use of data: uniform apparatus identifiers (URIs). The Hot for Security blog describes one of a attacks targeting Chrome users and their Google login in […]

Animal Lovers Lose Thousands of Dollars after Falling for Pet Scams
WooThemes hacked. Premium WordPress theme manufacturer warns of credit card leak
    Share This!
  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • ReddIt

Promo

1.3m
Fans
Like
104.7k
Followers
Follow
2.7k
Subscribers
Subscribe
19
Subscribers
subscribe
1.4m
Fans Love us

Recent shouts

  • Meurig Parri on Microsoft Ends Support for Windows 7. What You Need to Know
  • Kevin on Cable Haunt vulnerability affects millions of Broadcom cable modems
  • Terry on Ransomware attack forces Arkansas CEO to fire 300 employees days before Christmas
  • Martin on 1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre
  • Xander on 1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre

Time Machine

January 2021
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Dec    

ANTIVIRUS SOFTWARE FOR HOME USERS

Bitdefender Cybersecurity for Smart Home
Bitdefender Complete Protection
Bitdefender PC Protection
Bitdefender Antivirus for Mac
Bitdefender Mobile Security for Android
Bitdefender Product Comparison

BUSINESS SOLUTIONS

Bitdefender GravityZone Business Security
Bitdefender GravityZone Advanced Business Security
Bitdefender GravityZone Enterprise Security
Bitdefender Hypervisor Introspection

TOOLS & RESOURCES

Renewal for Business Customers
Trial Downloads
Free Antivirus
Free Online Virus Scanner
Free Virus Removal Tools
Live Remote Assistance
Free Tools
Bug Bounty
Press Center

Powered by Bitdefender - a leading cyber security technology provider | Copyright © 2008 - 2016. All rights reserved.
  • Home
  • The Team
  • Terms and Conditions
  • Contact
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok