Gmail/G Suite Users Beware

[prairiedog]

In case you use Gmail/G Suite for email and haven't seen this, this is a fairly sophisticated phishing attack, so beware -

https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri

 

[Rageix]

Surprised I have not seen this attack before, typically something like this would make top of Hacker News or similar.

As always:

• Think to yourself, should I have to log in? Obviously you just clicked an attachment you shouldn't have to log in.
• Make sure you are on the actual log in page.
• Use 2-Factor authentication.

 

[Casper]

thats beautiful!

Data URI, base64 encoded then obfusicated javascript leading to a simple phisher.

with a better phisher they could of easily logged the 2factor aswell!