The Internet is always under threat, as hackers constantly try to snoop into people's email accounts to steal private data. Though tech companies keep updating their digital security norms, adding layers of encryption to the data they send and receive, hackers keep finding creative means to bypass their security checks. The latest to face the heat are Gmail users, who are being pounded by these cyber terrorists.

Apparently, a new phishing scam is tricking Gmail users into giving up their account information. The phishing email usually comes from the accounts of people in the user’s address book and arrives in the form of an attachment. When the user clicks on the attachment hoping to see a preview of the document, he is redirected to a URL that asks him to re-enter his Gmail account credentials.

Beware! This is a trick that hackers are using to snoop personal information from Gmail users. The login page looks just like the authentic Gmail log-in page, and it is difficult to distinguish the real one from the fake unless you are an expert.

The important thing to note is that the phishing mail directs users to an alternate log-in page whose address begins with ‘data:text/html’ instead of the standard ‘https’. The phishing technique was first noticed by Wordfence blogger Mark Maunder, who said that the attack was being used to target not only Gmail users but other services as well.


Phishing URL (Photo: WordFence)
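The check described above can be expressed in code. The following is an added example, not code from Wordfence or Google: it classifies the address of a page that is asking for a password by parsing its scheme and host rather than searching it for a familiar name. The expected host `accounts.google.com` and all sample addresses are assumptions constructed for illustration.

```javascript
// Assumption: the legitimate sign-in host. The article does not name it.
const EXPECTED_HOST = "accounts.google.com";

// Returns a verdict code for an address-bar string:
// "ok", "data-uri", "not-https", "wrong-host" or "unparseable".
function checkLoginAddress(address) {
  // Browsers ignore leading whitespace and control characters, so strip them
  // before looking at the scheme.
  const cleaned = String(address).replace(/^[\s\u0000-\u001f]+/, "");

  // The scheme is everything before the first ":"; compare case-insensitively.
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  if (!m) return "unparseable";
  const scheme = m[1].toLowerCase();

  // A data: address has no server behind it: the page content is carried in
  // the address itself, so any host name visible after the prefix is just text.
  if (scheme === "data") return "data-uri";
  if (scheme !== "https") return "not-https";

  let url;
  try {
    url = new URL(cleaned);
  } catch (e) {
    return "unparseable";
  }
  // Compare the parsed hostname exactly. Substring checks are fooled by
  // look-alike hosts and by "user@host" forms.
  return url.hostname === EXPECTED_HOST ? "ok" : "wrong-host";
}

// Constructed sample addresses (not taken from the article).
const samples = [
  "https://accounts.google.com/",
  "data:text/html,https://accounts.google.com/",
  "  DATA:text/html,placeholder",
  "http://accounts.google.com/",
  "https://accounts.google.com.example.net/",
  "https://accounts.google.com@example.net/",
];
for (const s of samples) {
  console.log(checkLoginAddress(s).padEnd(12), JSON.stringify(s));
}
```

Only the first sample passes; the second shows why looking for the familiar host name anywhere in the address is not enough.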


Before this scam compromises your account security as well, here are the steps you can take to prevent such an attack:

  1. Never log in to any account on a page whose address does not begin with ‘https’, which is the security standard being used over the Internet.
  2. Set up two-step account verification for your Gmail account.

Follow these steps to set up two-step account verification:


Step 1: Log in to your Gmail account

Step 2: In the Settings menu, go to the Accounts option

Step 3: Click on Google Account Settings

Step 4: You will be directed to My Account Page

Step 5: Click on Sign-in & security

Step 6: Under Password & sign-in Method click on 2-Step Verification

Step 7: Click on Get Started and re-enter your password

Step 8: Enter your phone number and click on Try

Step 9: You’ll be sent a verification code on your mobile number

Step 10: Enter the 6-digit code and click Next

Step 11: Click on Turn On and you’re good to go!