Generally, IT professionals don't fall for phishing attacks: they know which factors make an email suspicious and when to be careful. However, this new attack is fooling even them.
Phishing emails generally contain bad spelling, weird URLs or attachments that look suspicious. Nowadays the public is getting wiser, and the cyber criminals know it. That's why their methods are getting more and more devious.
This new phishing attack is really annoying: it's sneaky and effective, not only against normal users but even against the experts.*
It all starts with a Gmail account that has already been compromised. The cyber criminals immediately access the hacked account and send phishing mails to other Gmail addresses from the hacked account's contact list.
That email lands in the target's inbox from the hacked address, and that's where it gets difficult: the phishing email uses a legitimate subject line, text and attachments based on emails that account has already sent, making it look completely real.
The phishing email comes with an "attachment" which is actually a screenshot of an attachment sent by that account in the past. The trap is that the fake attachment is an embedded image with a link that takes the victim to a lookalike Google login page.
The victims think they need to re-authorize their account in order to view the attachment. However, once the user logs in, their account is in the hands of the hackers. Then the cycle starts all over again.
This is one of the trickiest phishing methods because it's so hard to detect. Even the URL of the fake login page looks real and contains the accounts.google.com domain. However, there is one exception, which is also the key to avoiding it: the URL is preceded by "data:text/html".
Avoid this phishing attack by being very careful. When you click on an attachment of any kind, pay attention to the web address in your browser. If it is preceded by "data:text/html", don't log in.
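The same check can be run on a message before anyone clicks it. The following is an added example, not part of the original article: it scans an HTML mail body for links whose address uses the `data:` scheme and notes whether the link wraps an image, as the fake attachment does. It assumes the link in the mail points directly at the `data:` URL; the function names and the sample body are constructed for illustration.

```python
import re
from html.parser import HTMLParser

def scheme_of(url):
    # Browsers ignore tab/CR/LF inside a URL and leading spaces/control chars,
    # so normalise the same way before reading the scheme.
    cleaned = re.sub(r"[\t\r\n]", "", url).lstrip("".join(map(chr, range(0x21))))
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else ""

class DataLinkFinder(HTMLParser):
    """Collect <a href="data:..."> links and whether each one wraps an <img>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._open = None  # finding for the data: link currently open, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            href = attrs.get("href") or ""
            self._open = None
            if scheme_of(href) == "data":
                self._open = {"href_prefix": href.strip()[:40],
                              "wraps_image": False,
                              "mentions_google": "accounts.google.com" in href.lower()}
                self.findings.append(self._open)
        elif tag == "img" and self._open is not None:
            self._open["wraps_image"] = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def find_data_links(html_body):
    """Return one finding per link in the body that uses the data: scheme."""
    finder = DataLinkFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings

# Constructed sample body: one ordinary link, one image wrapped in a data: link.
SAMPLE = """
<p>See attached. <a href="https://example.com/report">report</a></p>
<a href=" DaTa:text/html,https://accounts.google.com/ServiceLogin?...">
  <img src="cid:preview" alt="invoice.pdf"></a>
"""
```

A finding with both `wraps_image` and `mentions_google` set matches the pattern described above and is a reasonable trigger for quarantining the message.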
Take the time and defend yourself by using other security methods like two-factor authentication. Do you need help? Let us know.
*If you are not a Gmail user, there is no reason to be worried. This phishing attack is only targeting Gmail users.