How to avoid ‘dangerous’ new Gmail attack targeting all 1.8BILLION users that steals passwords & raids accounts

EMAIL users face "dangerous" and "vicious" scam attacks, meaning security details can be stolen in real time.
Hackers are targeting almost two billion Gmail account holders by sending a phony webpage to unsuspecting victims.
The world's largest free email platform faces a serious threat by individuals using digital warfare.
Activating a spam filter is the main way of preventing phishing emails that could fool individuals into passing account details straight into the hands of a hacker.
If left unblocked, phishing emails that look like a regular webpage could be sent directly to an inbox, resulting in a user logging in to their account as normal.
"These attacks can be deadly for a company," a digital security expert said.
James Knight told : "If these emails are received, people should be very careful what they open and the links they click on. Remember, just because it looks like a Gmail or Office login, doesn't mean it is.
"The ones that proxy the connection between the user and the email service are the most dangerous as they give persistent access, even if the user has set up security features such as MFA."
Kitted with 25 years of experience and cybercrime tool knowledge, Knight described how he used Astaroth on clients to test the company's effectiveness and their employees' ability to spot a scam.
Astaroth, which is available on the dark web, can defeat two-factor authentication, meaning hackers can impersonate victims.
Despite the supposed added layer of defence for an account, the phishing kit offers a method to fool the victim.
This means hackers are not just limited to account information but can also opt to gain access to usernames, passwords, credit card numbers, bank information, and more.
Previously it was thought that phishing tools could only be effective by sending suspicious links in emails but Astaroth offers an alternative method.
Dark web sellers are reportedly enhancing the malicious software with six months of updates delivered through the anonymous messaging app Telegram.
Unfortunately, this means Microsoft may need to continue its work to stay ahead of this type of attack.
It comes after an urgent warning was issued to Gmail and Outlook users about the attack, which raids passwords and account details.
The fake page could "mirror" a legitimate sign-in page so there are no warnings.
This allows attackers to bypass two-factor authentication protections "with remarkable speed and precision."
So, even if you are sent an SMS code to access your email account, the attackers can intercept it.
"Astaroth significantly raises the bar, rendering conventional phishing methods and their inherent security measures largely ineffective," said researchers.
Over the weekend, Gmail users were warned of a new AI-fuelled scam that steals their personal information and hijacks their accounts.
The FBI first warned about the attacks in May last year.
The "devastating" attack saw not just funds stolen from accounts but also victims' identities.
FBI Special Agent in Charge, Robert Tripp, said: "Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike.
"These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data."
What is phishing?
HERE's what you need to know:
- Phishing is a type of online fraud
- It's typically an attempt to nab some of your data
- Phishing generally involves scammers posing as a trustworthy entity
- For instance, fraudsters could send you an email claiming to be your bank, asking for details
- Scammers can also set up fake websites that look like real ones, simply to hoodwink you
- Phishing can take place over email, social media, texts, phone calls and more
- The best defence against phishing is to be generally sceptical of weblinks and emails, especially if they were unsolicited
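
Because a proxying page mirrors the real sign-in page, the one thing that still differs is the host in the address, which is what the advice above about login pages and weblinks comes down to. The following is an added example, not part of the original article, of that check in Python; the allowlist of sign-in hosts and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example; replace with the services you actually use.
TRUSTED_SIGNIN_HOSTS = {"accounts.google.com", "login.microsoftonline.com"}

# Constructed sample links, as they might appear in a received email.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",
    "https://accounts.google.com.login-check.example/signin",  # trusted name used as a subdomain
    "https://accounts.google.com@phish.example/",              # trusted name placed before '@'
    "http://accounts.google.com/",                             # right host, no TLS
]


def check_signin_link(url):
    """Return (ok, reason) for a link that claims to lead to a sign-in page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if "@" in parts.netloc:
        return False, "userinfo before '@' hides the real destination"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "internationalised host can imitate a trusted name"
    if host not in TRUSTED_SIGNIN_HOSTS:
        # Exact match only: a trusted name inside a longer host proves nothing.
        return False, "host %s is not a trusted sign-in host" % host
    return True, "trusted sign-in host"


def flag_links(urls):
    """Return the (url, reason) pairs that fail the check."""
    flagged = []
    for url in urls:
        ok, reason = check_signin_link(url)
        if not ok:
            flagged.append((url, reason))
    return flagged


if __name__ == "__main__":
    for url, reason in flag_links(SAMPLE_LINKS):
        print("SUSPICIOUS:", url, "->", reason)
```
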