Texas Tech University

Phishing Attack Targeting Gmail Users

The TTU IT Division alerts the Lubbock community of a new malicious email campaign targeting Gmail accounts. The attack works by sending emails containing an image that looks like Gmail’s “Attachment” icon. These messages may come from the compromised account of somebody the recipient knows. When the reader clicks the image, they are directed to a specially-crafted website that prompts them for their Google credentials. This website looks almost identical to a Google sign in page, and may even contain “accounts.google.com” in the browser’s address bar.

Once the user signs in, their account is immediately compromised. The attackers will log in to the user’s Gmail account and begin sending phishing messages to the email addresses in the address book, often using subject lines and attachment names that the user has sent in the past.

The TTU IT Division recommends the following steps to protect yourself from this attack: 

  • Look for the lock icon on the browser’s status bar and make sure that “https” appears at the far left of the address bar. “https” indicates that the connection is secure and your information is encrypted. If you don’t see a lock icon or https://, then your connection is not secure and your information could be at risk;
    Note: Some pages attempt to trick users by including https://accounts.google.com in the middle of the web address. Your connection is only secure if https:// is listed at the very beginning of the address.
  • Enable two-factor authentication for your Google account. This will help prevent outside sources from accessing your Gmail account;
  • Install, enable, and regularly update anti-malware/anti-virus software on your computers and devices; 
  • Regularly update operating systems, application software, and mobile apps;

We encourage you to be vigilant in practicing cybersecurity, and invite you to learn more cybersecurity tips online at http://cybersecurity.ttu.edu. Additional information about this phishing scheme is available online at https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri. For more information or questions, please contact your local IT expert or an area IT consultant.


Cybersecurity Practices Initiative: Lubbock