HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • The Safe Nomad
    • The Safe Nomad

      Safe Nomad (10). Sarah Kuhlemann, Germany: “Freedom offsets all worries and doubts.”

      September 15, 2017
      The Safe Nomad

      The Safe Nomad (9). Michael Pinatton, France: “Security is a mindset.”

      September 8, 2017
      The Safe Nomad

      The Safe Nomad (8). Sophia Cheng and Jayme Elkins, UK. The life of a nomadic couple.

      September 2, 2017
      The Safe Nomad

      The Safe Nomad (7). Anthony Galli, USA. “Failure is not an option.”

      August 23, 2017
  • The ABC of Cybersecurity
  • Security Videos
HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • The Safe Nomad
    • The Safe Nomad

      Safe Nomad (10). Sarah Kuhlemann, Germany: “Freedom offsets all worries and doubts.”

      September 15, 2017
      The Safe Nomad

      The Safe Nomad (9). Michael Pinatton, France: “Security is a mindset.”

      September 8, 2017
      The Safe Nomad

      The Safe Nomad (8). Sophia Cheng and Jayme Elkins, UK. The life of a nomadic couple.

      September 2, 2017
      The Safe Nomad

      The Safe Nomad (7). Anthony Galli, USA. “Failure is not an option.”

      August 23, 2017
  • The ABC of Cybersecurity
  • Security Videos
HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • The Safe Nomad
    • The Safe Nomad

      Safe Nomad (10). Sarah Kuhlemann, Germany: “Freedom offsets all worries and doubts.”

      September 15, 2017
      The Safe Nomad

      The Safe Nomad (9). Michael Pinatton, France: “Security is a mindset.”

      September 8, 2017
      The Safe Nomad

      The Safe Nomad (8). Sophia Cheng and Jayme Elkins, UK. The life of a nomadic couple.

      September 2, 2017
      The Safe Nomad

      The Safe Nomad (7). Anthony Galli, USA. “Failure is not an option.”

      August 23, 2017
  • The ABC of Cybersecurity
  • Security Videos
Bianca STANESCU
1 Comment
    Share This!
  • Facebook
  • Twitter
  • Google Plus
  • Pinterest
  • LinkedIn
Alerts • E-Threats

Hackers Steal Google Account Passwords in Better Crafted Phishing Attack

May 13, 2014
2 Min Read

Hackers grab Google account passwords in a new, better crafted phishing attack that is hard to catch with traditional heuristic detection. A particularity in how Google Chrome displays data: URIs makes Chrome users more vulnerable. The phishing attack also targets Mozilla Firefox users.

With access to users’ Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents.

The scam starts with an email allegedly sent by Google, with “Mail Notice” or “New Lockout Notice” as a subject.

“This is a reminder that your email account will be locked out in 24 hours,” the e-mail reads. “Due to not being able to increase your Email storage Quota. Go to the INSTANT INCREASE to increase your Email storage automatically.”

When clicking the INSTANT INCREASE link, users are redirected to a Google login web page that imitates the authentic one and asks for their credentials.

Hackers Steal Google Account Passwords in Better Crafted Phishing AttackWhat is interesting about this phishing attack is that users end up having the “data” in their browser’s address bar, which indicates the use of a data Uniform Resource Identifier scheme.

The data URI scheme allows scammers to include data in-line in web pages as if they were external resources. The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string within the data URI.

As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals.

Scammers usually pose as services that contact people by e-mail for announcements or notifications. Google, Facebook, eBay, phone services and financial institutions are among phishers’ favorite disguises to invade inboxes worldwide.

A similar attack recently targeted Google Drive’s landing page to grab Gmail credentials.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the technical information provided courtesy of Alin DAMIAN and Andrei SERBANOIU, Bitdefender Online Threats Researchers.

Tagsgmail Google Account hackers Hacking passwords phishing attack slider steal

You may also like

Alerts • Industry News

Beware of GermanWiper – the ransomware that is not ransomware

4 months ago
E-Threats • Industry News

Google Takes Down 2.3 Billion Ads, Almost 60 Million Phishing Scams

9 months ago
E-Threats • Industry News

Man arrested for selling one million Netflix, Spotify, Hulu passwords

9 months ago

About the author

View All Posts

Bianca STANESCU

Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.

1 Comment

Click here to post a comment

Leave a Reply to data: in the browser address bar may indicate a phishing site - progress Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • data: in the browser address bar may indicate a phishing site - progress says:
    August 26, 2014 at 8:14 am

    […] new trend  is a use of data: uniform apparatus identifiers (URIs). The Hot for Security blog describes one of a attacks targeting Chrome users and their Google login in […]

    Reply
Animal Lovers Lose Thousands of Dollars after Falling for Pet Scams
WooThemes hacked. Premium WordPress theme manufacturer warns of credit card leak
Comment
    Share This!
  • Facebook
  • Twitter
  • Google Plus
  • Pinterest
  • LinkedIn

Promo

1.3m
Fans
Like
▲ 141
95.6k
Followers
Follow
2.7k
Subscribers
Subscribe
10
Subscribers
subscribe
1.4m
Fans Love us

Recent shouts

  • wfk on Mac users warned that disabling all Office macros doesn’t actually disable all Office macros
  • hashim on How ransomware victims can recover encrypted data for free
  • ma on Millions of Android phones may be vulnerable to camera spying vulnerability
  • M on Millions of Android phones may be vulnerable to camera spying vulnerability
  • FTC Fan on FCC Settles with InfoTrax Systems for Failure to Secure Data of 1 Million Clients

Time Machine

December 2019
M T W T F S S
« Nov    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

ANTIVIRUS SOFTWARE FOR HOME USERS

Bitdefender Cybersecurity for Smart Home
Bitdefender Complete Protection
Bitdefender PC Protection
Bitdefender Antivirus for Mac
Bitdefender Mobile Security for Android
Bitdefender Product Comparison

BUSINESS SOLUTIONS

Bitdefender GravityZone Business Security
Bitdefender GravityZone Advanced Business Security
Bitdefender GravityZone Enterprise Security
Bitdefender Hypervisor Introspection

TOOLS & RESOURCES

Renewal for Business Customers
Trial Downloads
Free Antivirus
Free Online Virus Scanner
Free Virus Removal Tools
Live Remote Assistance
Free Tools
Bug Bounty
Press Center

Powered by Bitdefender - a leading cyber security technology provider | Copyright © 2008 - 2016. All rights reserved.
  • Home
  • The Team
  • Terms and Conditions
  • Contact
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok