A new phishing scam has surfaced that displays what looks like a Google sign-in page when the email recipient, a Google user, clicks on an attachment. If they then log into their Google account to view the file, the hacker’s program automatically captures the account name and password and sends them to the hackers.
The scam has specific relevance to the real estate industry because it gives hackers access to Gmail accounts: a real estate professional who uses Gmail could be sending and receiving email from their account at the same time the hacker is sending and receiving email through that same account. These hackers often monitor correspondence between real estate professionals, title companies and buyers and, at the last minute, have tried to have the final check needed for closing wired to their own bank account.
Typically, the scammer will send an email to your Gmail account. The email will likely appear to come from one of your contacts and ask you to look at an attached file, such as a PDF or Word document. It may look legitimate because it seems to come from one of your actual contacts, but when you click on the attachment to preview it, a new tab opens and prompts you to sign in to your Google Gmail account.
If you sign in to your Google Gmail account, the scammer will instantly have access to your email account and will be able to use one of your actual email attachments and subject lines to try to scam others on your contact list as well.
To avoid the phishing scam, always check the browser bar before you log in. The Google sign-in page that users are directed to appears legit, with the same logo, text boxes, and tagline, but the address bar says the page is a data URL with the prefix “data:text/html.” It’s not a URL that begins “https://.”
Google also recently released a Chrome update to 56.0.2924 to help spot such fake forms. With the update, if you view a data URL, the location bar will show “Not Secure” to help users spot a phishing scam more easily. Users on laptop and desktop computers can often hover their cursor over the attachment to check its URL before clicking.
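As an added example (not code from the original article), here is a small Python triage function that applies the address-bar checks described above to a location string: it parses data: URLs per RFC 2397 to catch the data:text/html prefix, flags any non-https scheme, and, going one step beyond the article, flags hosts other than accounts.google.com (an assumed allow-list). The sample locations are constructed, not captured from a real incident.

```python
"""Flag browser locations that match the data: URL sign-in page described above."""
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Assumption: a genuine Google sign-in page should only ever be served from this host.
LEGIT_LOGIN_HOSTS = {"accounts.google.com"}


def data_url_mediatype(url: str) -> Optional[str]:
    """Return the media type of a data: URL (form data:[<mediatype>][;base64],<data>),
    or None when the location is not a data: URL at all."""
    if not url.lower().startswith("data:"):
        return None
    header = url[5:].split(",", 1)[0]          # e.g. "text/html;base64", "text/html" or ""
    mediatype = header.split(";", 1)[0].strip().lower()
    return mediatype or "text/plain"           # RFC 2397 default when the media type is omitted


def classify_login_url(url: str) -> Dict[str, object]:
    """Apply the address-bar checks from the article: no data: URLs, https on a Google host."""
    findings: List[str] = []
    mediatype = data_url_mediatype(url.strip())
    if mediatype is not None:
        findings.append("address bar shows a data: URL, not a page fetched from Google")
        if mediatype == "text/html":
            findings.append("data:text/html prefix: the sign-in form is inline HTML")
    else:
        parts = urlsplit(url.strip())
        if parts.scheme != "https":
            findings.append(f"scheme is {parts.scheme!r}, not https")
        elif parts.hostname not in LEGIT_LOGIN_HOSTS:
            findings.append(f"host {parts.hostname!r} is not a Google accounts host")
    # Mirror the Chrome 56 behaviour the article mentions: anything flagged is "Not Secure".
    return {"label": "Secure" if not findings else "Not Secure", "findings": findings}


# Constructed sample locations (not captured from a real incident).
SAMPLE_LOCATIONS = [
    "https://accounts.google.com/signin/v2/identifier",       # genuine host over TLS, passes
    "data:text/html;base64,PGh0bWw+",                          # inline HTML, base64 body
    "DATA:TEXT/HTML,%3Cform%3E",                               # inline HTML, percent-encoded body
    "http://accounts.google.com/signin",                       # right host, no TLS
    "https://accounts.google.com.login-check.example/signin",  # look-alike host
]


def report(urls: List[str] = SAMPLE_LOCATIONS) -> Dict[str, str]:
    """Map each location to its label, as a quick triage of address-bar values."""
    return {u: str(classify_login_url(u)["label"]) for u in urls}
```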