Forum Thread: How Exactly Does Gmail's New Phishing Technique Work?

I've seen this around the news for a while: Hackers exploit new phishing technique to get login credentials of users.

According to the news, the main difference is that the address bar shows the url of the real site so even the tech savvy are getting hoodwinked.

Image via

In the above picture, the url of the real Gmail login page can be seen.
My question: How exactly does this phishing scam work?

2 Responses

It's not a real Google web page or a Google web address, just made to look like it. Experienced users do not fall for it. It redirects you to the phishing page when clicking an email attachment that directs you to the fake page. Experienced users should know that if you are reading your email in Gmail, you are already signed in. No need to re-sign in anywhere. Anywhere that tries is phishing. The reason this is more advanced is because it's using attachments to redirect.

That's correct. Also, not everyone looks at the address bar, and you can actually use PHP to make it look like a different address and you can get an HTTPS SSL for free. (Hak5)

Share Your Thoughts

  • Hot
  • Active