Header Image

The Year Starts With a New and Cunning Gmail Attack

Jan 20, 2017
The Year Starts With a New and Cunning Gmail Attack

How many of you use Gmail on a regular basis? Either for personal or professional reasons, Gmail is one of the most popular email platforms in the world. Not to mention that you can connect it with a wide range of useful tools like Drive, Calendar, and more. Gmail is definitely an app that makes your life easier, right?

Well, if you do believe this, then you may also be a victim of the latest Gmail hack! This is one of the most clever recent hacks and you should be extremely careful with who sends you emails and attachments. You can also read about previous hack attempts in our article here.

The hack process

Usually, when you receive an infected email, you are able to tell by the suspicious links and the click bait titles. This time, the process is a little bit different and a lot smoother.

You will receive an email from a friend, work colleague, or business partner, with an attached document. This document is something you know you should get in the near future (a review you sent for editing, a contract you were waiting from a supplier, or anything that was discussed before). Sadly, this attachment is nothing else but a trap that opens a new Sign in window asking for your Gmail account details. After all we all were asked at a certain point to sing in so we can see the content of a document, right?

How is this possible? Well, hackers got so smart that they use social engineering at an automated level to figure out which documents link you and an already hacked Gmail account (in this case, the account of your partner).

Now, returning to the Sign in window – if you are just a little bit of security preparedness in your daily work, you know to check for the link. Usually, for a Google sign in, the link must show in the address bar. Well, the freaky part about this hack is that it actually shows this in the address bar! So there’s absolutely no reason to doubt the legitimacy of the attachment!

Again, how is this possible? Well, the hackers are using an old trick called script embedding. The hackers start their links with ‘data:’, which is the way to transform a link into a DAT URI, the standard way to embed content into a URL string. This method was actually designed around 1990 and it shows up in the RFC 2397, developed by the Internet Engineering Task Force.

So, if you ever get an attachment that requires you to log in, take a look at the URL. If it starts with the word ‘data:’ before http://, you can ignore the message.

example of the dodgy URL is

The solution to keeping our accounts safe

Just like with any hacks, there is a way to make sure your account is safe. In this case, the solution is MFA (multi-factor authentication). MFA introduces a second step in the authentication process so, if someone ever gets your username and password, they will also have to get through the second step to access your account. This second step can be a device you need to connect to the laptop, computer, tablet, or phone you use to access your email or a simple SMS message with a code. You can read (and learn) more about MFA in our article about two-step authentication so don’t be hasty! Learn how MFA can help you and make sure your business and personal life are safe!

Leave a Reply

Your email address will not be published. Required fields are marked *

8 + 4 =