Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

New phishing scam has high success rate against tech-savvy Gmail users

By
Add as a preferred source on Google

Time to change your passwords, again. Well, if you’re a Gmail user anyway. A new phishing scheme, targeting Gmail users, aims to use your contact list against you by putting together a legitimate-sounding email from the contents of your inbox in an effort to compromise the accounts of your friends, family, and co-workers.

It sounds complicated, but the sophisticated attack is deceptively simple. Let’s start at the top. Just like any other phishing attempt, you’ll receive an email in your inbox, but it will look like it’s from one of your contacts — it will have details that other phishing emails don’t.

Recommended Videos

Instead of hawking male enhancement pills or fake package delivery notifications, this one will be from a friend or family member, it’ll include a plausible subject line and may include an attachment from that contact’s email box.

Clicking the attachment, which may be an image, will take you to what appears to be a Gmail login page. You input your information, and your account is immediately compromised. The scammers will then use your email address to try and hook another victim from your contact list, using the same technique.

Why is this phishing scam a bigger deal than the others currently out there? Well, Wordfence points out that it’s been around for about a year, but lately, experienced, tech-savvy users have been falling prey to this attack. Because it’s so custom-tailored, and because it’s a bit more subtle than other phishing attempts, it’s a tough one to spot.

After all, Gmail does a pretty good job of diverting dangerous emails from your inbox, but these ones come from your contacts, people who you likely know or work with, so they’re able to bypass standard spam protections.

Luckily, there are some surefire protections you can use. First, as is always a good idea, change your password, and enable two-step verification. Now would be a good time to start using a password manager like LastPass.

Now on to the actual phishing scam itself. If you click any link or attachment in an email and Gmail prompts you to re-enter your credentials, stop, and double-check your URL or address bar.

The beginning portion of the URL should read “https://accounts.google.com” but if it reads “data:text/html” before the HTTP portion of the URL, do not enter your credentials. Close the site, clear your cache, report the email, and change your password just to make sure.

Jaina Grey
Jaina Grey
Former Digital Trends Contributor
Jaina Grey is a Seattle-based journalist with over a decade of experience covering technology, coffee, gaming, and AI. Her…
Topics
AI-pilled graduates are not a big hit for finance jobs with their shallow ideas
Turns out ChatGPT can’t survive every finance interview
Artificial Intelligence

Artificial intelligence may be transforming the financial industry, but some firms are beginning to push back against a growing trend: graduates who rely too heavily on AI tools without demonstrating deeper analytical thinking.

According to a report by The Financial Times, the issue recently surfaced through experiences shared by senior finance professionals, including one New York financier who described his company’s 2025 interns as the first group of “true AI natives.” These students had grown up using both digital platforms and generative AI systems, and initially appeared highly capable during recruitment.

Read more
Canvas hack hit students at the worst time, and it’s a wake up call for schools everywhere
Canvas hack exposed the weak links in digital classrooms
Logo

A cyberattack on Canvas could not have come at a worse time. The learning platform, used by schools and universities for assignments, exams, grades, lecture materials, and class communication, went down during finals week, leaving students and instructors scrambling for alternatives.

The incident has been linked to ShinyHunters, a hacking group known for data theft and extortion. According to BleepingComputer, Canvas login portals at hundreds of institutions were defaced with a ransom-style message warning that stolen student data would be leaked unless the attackers were contacted. The group claimed to have obtained data tied to millions of students, teachers, and staff across thousands of schools.

Read more
Fake DDR5 RAM sticks are now using plastic chips to fool buyers
PC hardware market continues to get messier.
RAM memory chips

If DDR5 prices were not painful enough already, counterfeit RAM is now entering the chat. Some fake memory sticks reportedly look convincing enough to fool buyers, right down to plastic chunks disguised as DRAM chips.

Fake DDR5 RAM sticks are now getting disturbingly convincing

Read more