Google Chrome Can Leave Users Vulnerable to Phishing

Thursday, May 15, 2014

Anthony M. Freed


Users of Google Chrome are being targeted in a phishing campaign designed to harvest Gmail account login credentials that attackers can use to “buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents,” according to security researchers.

The phishing scam starts with emails that appear to have been sent by Google with “Mail Notice” or “New Lockout Notice” in the subject line.

“Scammers usually pose as services that contact people by e-mail for announcements or notifications. Google, Facebook, eBay, phone services and financial institutions are among phishers’ favorite disguises to invade inboxes worldwide,” wrote Bianca Stanescu.

The bogus notifications claim that the target’s email account “will be locked out in 24 hours” because the user failed to increase his or her email storage capacity.

“This is a reminder that your email account will be locked out in 24 hours,” the email reads. “Due to not being able to increase your Email storage Quota. Go to the INSTANT INCREASE to increase your Email storage automatically.”

Targets are then instructed to “go to the INSTANT INCREASE to increase your Email storage automatically,” and when they follow the link, they arrive at a spoofed Google login page that asks the targets to enter their login credentials.

As with most malicious links, there may be clues that the site they are pointed to is not legitimate, but since Google’s Chrome browser does not always show the entire URL, targets may not have the opportunity to determine they are being phished.

“The data URI scheme allows scammers to include data in-line in web pages as if they were external resources. The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string within the data URI,” wrote Stanescu.

“As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals.”
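A mail filter can do what the truncated address bar does not: decode the data URI and look at the page inside it. The Python sketch below is an added example, not code from the researchers or from this article; the names `TagScan`, `decode_data_uri` and `scan_email_html`, the `x.example` host and the "contains a password field" heuristic are all assumptions made for illustration.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes


class TagScan(HTMLParser):
    """Records <a href> targets, <form action> targets and password inputs."""
    def __init__(self, html):
        super().__init__()
        self.hrefs, self.form_actions, self.has_password = [], [], False
        self.feed(html)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.hrefs.append(a["href"].strip())
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True


def decode_data_uri(uri):
    """Split an RFC 2397 data: URI into (media type, decoded bytes), else None."""
    head, comma, payload = uri.partition(",")
    if not head.lower().startswith("data:") or not comma:
        return None
    params = [p.strip().lower() for p in head[5:].split(";")]
    raw = unquote_to_bytes(payload)
    try:  # b64decode skips stray whitespace; bad padding raises ValueError
        return params[0] or "text/plain", (base64.b64decode(raw) if "base64" in params[1:] else raw)
    except ValueError:
        return None


def scan_email_html(body):
    """Return the form targets of each data: link that decodes to a password page."""
    findings = []
    for href in TagScan(body).hrefs:
        mediatype, raw = decode_data_uri(href) or ("", b"")
        page = TagScan(raw.decode("utf-8", "replace")) if mediatype == "text/html" else None
        if page and page.has_password:
            findings.append({"shown": href[:30], "form_actions": page.form_actions})
    return findings


# Constructed sample input (not taken from the campaign): the link embeds a whole page.
_PAGE = base64.b64encode(b'<form action="https://x.example/p"><input type="password"></form>')
SAMPLE_EMAIL = '<a href="data:text/html;base64,' + _PAGE.decode() + '">INSTANT INCREASE</a>'
```

Running `scan_email_html(SAMPLE_EMAIL)` returns one finding whose `form_actions` entry is the host the embedded form would post to, which is the detail a user looking at the shortened URL never sees.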

Stanescu said a similar attack recently targeted Google Drive’s landing page in an attempt to grab Gmail credentials.

This was cross-posted from Tripwire's The State of Security blog.
