Phishing attacks target Google accounts, warns Bitdefender

Hackers are stealing Google account passwords using a phishing attack that bypasses heuristic detection, warns Bitdefender

Hackers are stealing Google account passwords using a new phishing attack that is hard to catch with traditional heuristic detection, warns security firm Bitdefender.

The attack exploits the uniform resource identifiers (URIs) that Google Chrome uses to display data. This makes Chrome users most vulnerable, but the attack also targets Mozilla Firefox users.

“With access to users’ Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents,” said Catalin Cosoi, chief security strategist at Bitdefender.

“The scam starts with an email allegedly sent by Google, with 'Mail Notice' or 'New Lockout Notice' as the subject,” he said.

The messages reads: “This is a reminder that your email account will be locked out in 24 hours, due to not being able to increase your email storage quota. 

"Go to the INSTANT INCREASE to increase your Email storage automatically.”

The link then redirects victims to a fake Google login web page that asks for their credentials.

“What is interesting about this phishing attack is that users end up having the 'data:' in their browser’s address bar, which indicates the use of a data URI scheme,” said Cosoi.

The data URI scheme, he said, allows scammers to include data in-line in web pages, as if they were external resources.

The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string in the data URI.

As Google Chrome does not show the whole string, Cosoi said regular users may not realise they are being targeted in a phishing attack and give their data to cyber criminals.

Disguised phishing on the rise

Google, Facebook, eBay, phone services and financial institutions are among phishers’ favourite disguises to invade inboxes worldwide, he said.

Phishing attacks are likely to increase due to the use of automation and the ability to bypass host-based detection systems, according to Johanne Ullrich, dean of research for the SANS Technology Institute.

However, this does not mean that businesses are powerless against such attacks. There are several ways businesses can reduce the risk of successful phishing attacks.

These range from security education aimed at making users more aware of phishing techniques, to implanting effective methods and procedures such as continuous network monitoring

Read more about phishing attacks


Read more on Privacy and data protection