There are many phishing scams. Smart and well designed, but also those that are very casual and prominent. Phishing scams use various methods and aim to spy on their victims' logins to some "interesting" service.
A new scam that appeared and is currently running (according to Lifehacker) comes from Gmail's inbox.
The message seems to include an attachment, which in fact is not what it claims to be. We report this fraud only because it is currently being circulated, not because it is well designed.
The following figure shows how this fraud looks like:
If you click, as you usually do when you see an attachment, you'll be taken to a Google page where you'll be asked to enter the code your access.
Of course, the page that will open is fake. It is actually a data URI prefixed with “data:text/html”, and no uses the usual HTTPS connection you would expect.
https://twitter.com/tomscott/status/812265182646927361
Let's say that Chrome v56.0.2924 προσπαθεί να αντιμετωπίσει θέματα όπως αυτό, εμφανίζοντας ένα μήνυμα “Not Secure"In line addresses.
In addition to controlling the URL that is essential if you want to protect yourself from such scams, the next time you want to click on a Gmail attachment, you should think it very well.
Generally you should be very skeptical when you meet attachments from people you do not know, but also from people you know because accounts they may have been compromised. After all, you are on the internet, where anyone can claim to be anyone they want.