Watch out, folks. There are two new — and very slippery — email phishing scams wreaking havoc on innocent Gmail and Netflix users right now. The scams are so cleverly designed that many online security professionals have fallen victim as well. In the Gmail scam, users receive an email from someone they know (whose account was recently hacked), and inside the email is an attachment that links to a document. That link, however, merely takes you to a new window that looks exactly like a Gmail login page. Once you enter your email address and password on that false Gmail login page, you will have given the hackers full access to your account.
This is the closest I’ve ever come to falling for a Gmail phishing attack. If it hadn’t been for my high-DPI screen making the image fuzzy… pic.twitter.com/MizEWYksBh
— Tom Scott (@tomscott) December 23, 2016
If you do happen to click on the attachment and the new login page opens up, you can tell it’s a fake login page by looking for three things: 1) the URL begins with data:text/html, 2) there is no green lock symbol followed by https://, and 3) the address does not show https:// followed by accounts.google.com, which all official Gmail login pages feature.
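The three checks above, written as an added JavaScript example (not code from the original article); the function name checkLoginUrl and the sample addresses are constructed for illustration. It goes slightly beyond the text by comparing the parsed host exactly, so an address that merely contains accounts.google.com somewhere in it is also rejected.

```javascript
// Added example: applies the article's three address-bar checks to a URL string.
// checkLoginUrl and SAMPLE_ADDRESSES are hypothetical names, not from the article.
const EXPECTED_HOST = "accounts.google.com";

function checkLoginUrl(address) {
  let url;
  try {
    url = new URL(String(address).trim());
  } catch (err) {
    return { genuine: false, reasons: ["not a parseable absolute URL"] };
  }
  const reasons = [];

  // Checks 1 and 2: the address must use https:, and a data: address means
  // the page is embedded in the link itself instead of served by a website.
  if (url.protocol === "data:") {
    reasons.push("begins with data: so the page is embedded in the link");
  } else if (url.protocol !== "https:") {
    reasons.push(`scheme is ${url.protocol} rather than https:`);
  }

  // Check 3: compare the parsed host exactly. A substring search would pass
  // any address that only mentions accounts.google.com in its text.
  if (url.hostname !== EXPECTED_HOST) {
    reasons.push(`host is "${url.hostname}" rather than ${EXPECTED_HOST}`);
  }

  return { genuine: reasons.length === 0, reasons };
}

// Constructed sample addresses (not taken from a real incident).
const SAMPLE_ADDRESSES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
];

for (const address of SAMPLE_ADDRESSES) {
  const result = checkLoginUrl(address);
  console.log(result.genuine ? "OK  " : "FAKE", address);
  for (const reason of result.reasons) console.log("     -", reason);
}
```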
Watching closely for what appears in your URL bar is the #1 best way to avoid getting hacked. If, unfortunately, your Gmail does get compromised, be sure to change your passwords immediately.
A similar phishing scam is currently attacking Netflix users as well. The scam sends an email to Netflix users asking them to update their info and validate their payment details. However, an email like this should automatically raise suspicion because Netflix would never ask for this information via an email — all that information is handled directly on their website or through the app itself. Watch below as Jeff Rossen of TODAY shows how easily it can all go downhill if you’re not careful.