The Gmail Scam That's Even Fooling Techies

By Kelly Janes, Owner, Owls Head Business Services

There’s a new Gmail scam in town.

Gone are the days of Nigerian princes offering to send you money, if you send them your banking information. Viagra ads and promises of tax refunds from the IRS are the way of the past. Today’s spammers are getting clever and they’re targeting you personally.

What’s the latest scam?

Basically, these clever spammers have created an image that *looks like* a PDF attachment in the body of the email. (see image 1 below)

When you click on it, instead of showing a preview or opening a nonexistent PDF, it appears to launch a Google login page. (see image 2 below)

That's no Google login page, Batman!

Nope, it's a clever script that generates a fake page, designed to trick you into entering your Google credentials. The script records and sends your credentials to the hacker(s). Then they log into your gmail account, and send more spam to someone(s) on your mailing list.

You see, that's the secret gold - you receive this spam from someone you know. Or at least someone who has your email address in their gmail. It could be someone you sent a quick email to 5 years ago and promptly forgot about... but they try to aim for folks who you will recognize.

How do you know if this is happening to you?

1. When you visit a safe website using Chrome, you see a green lock in the address bar: (see image 3 below)

2. When you click on this particular graphic, there is no lock at all in Chrome's address bar: (see image 4 below)

3. ALSO - you can see in that address bar above that is visible. This is designed to lure you into thinking you are on Google's website. You are not!

What's the solution?

1. Don't log in.
2. Check your Google account activity to make sure no one else has been using your account.
3. Send an email to the suspicious message sender. Let them know that you received a suspicious message and you think it's a scam. THEY should check their Google account activity. Send them this article, or just copy the link from #1.

The good folks at WordFence indicate that Google is working on a more thorough solution. Until then, remain vigilant!

About Kelly Janes
Kelly Janes owns Owls Head Business Services, a Portland, Oregon-based digital agency specializing in WordPress and Adobe eLearning apps. She has extensive experience in Information Technology, having started her career as a Help Desk Analyst for a large San Francisco-based law firm. Her well-rounded background includes work as an Online Specialist, Project Manager, Computer Trainer, Desktop Analyst & Budget Supervisor. Ms. Janes has worked in corporate, educational, creative, and small business environments. She speaks “Geek” and English fluently and is an expert translator between the two.