Gmail Phishing Attack

ITS has learned of a sophisticated and reportedly successful phishing scam that is targeted at users of Gmail and other online mail services.

According to Time Magazine “how the swindle works. The attacker, usually disguised as a trusted contact, sends a boobytrapped email to a prospective victim. Affixed to that email, there appears to be a regular attachment, say a PDF document. Nothing seemingly out of the ordinary.

But the attachment is actually an embedded image that has been crafted to look like a PDF. Rather than reveal a preview of the document when clicked, that embedded image links out to a fake Google login page. ” (read more)

Once a user signs in the attacker has access to your account unless you are enrolled in Google’s 2-Step Verification/. ¬† 2-Step provides an extra layer of protection on your account when your password has been compromised.

If you think you have fallen victim to this phishing attack, be sure to change your Allegheny password and then enroll in 2-Step verification. ¬†Changing your password will end the bad guy’s access to your account and 2-Step will keep them out the next time.

If you have questions, please contact the InfoDesk at 3768.