A LOT of people use Gmail, so spread this around. This just came to
me on another list. It is UGLY. Do not be caught by it. You can
lose EVERYTHING in your Gmail account. (I suspect this same thing
will work in Yahoo and other "free" e-mail providers too.)
https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
This works by a "real" message from someone you know, with a "normal"
attachment. They resend an ACTUAL message they have sent out already.
The attachment is the "payload" that tricks you. It brings up what
looks like a "normal" screen to relog in again. That is what steals
your info.
The URL is "data:text/html,https://accounts.google.com…." The
difference is that "data:text/html," at the front. It is IMPORTANT.
It means there is something BIG there and you are not seeing
everything. If it does not show the "normal"
"https://accounts.google.com…." DO NOT "relog in".
The significant thing here. If you "suddenly" get a new screen to log
in again, CHECK THE URL in the address bar. If it has
"data:text/html," SHUT IT DOWN. Tell the other person by some other
means (Another account, Txt, call them) and have them change their
password IMMEDIATELY or better yet 2 hours ago...
Check MORE than for the little green lock. It will be green even
w/ that "data:text/html," at the front.
The article has a LOT MORE tech detail. I have tried to distill this
down to what to look for, and what to do.
If you see a Gmail request to relog in, CHECK the URL (Address bar) and
if you see "data:text/html," at the front of the URL RUN AWAY. Shut
it down, and get a hold of the sender and let them know they are
"pwned"
If you are using "two factor" authentication where you are sent a Txt
you have to enter, it is harder, but they could change where it is
sent, and get around that.
Again, if you get a Gmail request to relog in, CHECK THE URL. If it
is not right STOP.
--
--------------------------------------------------------------------
Ambassador BMW MOA |
Brian Curry | The people should obey the rules,
"DEERsSLAYER" | but not know about them.
K75RTs both coasts | -- Aizawa Seishisai
Chester Springs PA |
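
The address-bar check described in the message above can also be automated on the defender's side, for example in a mail filter or proxy that inspects links. The following is an added example, not part of the original message or the linked article; the function name `inspect_link`, the `visible_chars` width and the sample URL are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Media types a browser renders as a page when a data: URI is opened.
RENDERED_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}
# A web address placed at the very start of the payload, where the eye expects one.
LEADING_URL = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def inspect_link(url, visible_chars=60):
    """Return findings for a data: URI that renders as a page, else None.

    visible_chars is an assumed address-bar width, used only to estimate
    how much of the URL would be out of sight.
    """
    cleaned = url.strip()
    scheme, colon, rest = cleaned.partition(":")
    if not colon or scheme.lower() != "data":
        return None
    header, comma, payload = rest.partition(",")
    if not comma:
        return None  # malformed data: URI, nothing to render
    params = [p.strip().lower() for p in header.split(";")]
    media_type = params[0] or "text/plain"  # RFC 2397 default
    if media_type not in RENDERED_TYPES:
        return None
    body = unquote(payload)
    if "base64" in params[1:]:
        try:
            padded = body + "=" * (-len(body) % 4)
            body = base64.b64decode(padded).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            body = ""  # undecodable payload: still flagged, no decoy shown
    decoy = LEADING_URL.match(body.lstrip())
    return {
        "media_type": media_type,
        "decoy_url": decoy.group(0) if decoy else None,
        "hidden_chars": max(0, len(cleaned) - visible_chars),
    }


# Constructed sample shaped like the URL described in the message above.
SAMPLE = ("data:text/html,https://accounts.google.com/ServiceLogin"
          + " " * 200 + "<p>constructed</p>")

if __name__ == "__main__":
    for link in (SAMPLE, "https://accounts.google.com/ServiceLogin"):
        print(link[:40], "->", inspect_link(link))
```

A non-`None` result means the link would open a locally rendered page rather than a site; `decoy_url` is the look-alike address shown at the front, and `hidden_chars` estimates how much of the URL sits outside the visible part of the address bar.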