Website Security – Gmail Phishing Scam

Well, there is another big scam among us. It still amazes me that this still exists with all the security measures we have available to us. Remember when the Nigerian government had millions of dollars for you? Those were fun times. Now that there are so many people connected to the Internet, multiple email addresses and even running multiple online businesses, the odds of a successful attack have increased, even with website security. Windows and Android platforms are still getting the bulk of the action, while MacOS users are still sitting pretty and safe. With that said, Google’s Gmail service has become the prime target for phishing scams. It seems scammers have moved away from the Yahoo emails, since Gmail has now become the top email service in the world.

What if I told you your Google login information could easily be stolen by one of the most well executed scams I’ve seen in a long time? Scared? Yea, you should be, because this one isn’t going away for some time. Via Lifehacker, the cyber security experts at Wordfence first brought this new scam to light earlier this year. To make a long story short, the scammers are targeting Gmail users who access all Gmail accounts through a web browser. You know the graphic Google uses to show a PDF or Word document? Well, that is what’s being attached to the body of the email itself. So when the user clicks on it, he or she will be redirected to a page that looks identical to the Google login screen you would see when logging in.


Here’s what the scam email looks like:


Gmail_Phishing_Scam-300x292 Website Security - Gmail Phishing Scam
Look at the resemblance of the graphic Google created and the login page; this makes for a dangerous scam. But most of you reading this are smart people, so just as you guessed, the page isn’t Google’s nor is it hosted on Google servers. When a user visits this page, most will go ahead and sign in like normal. The only problem is, by inputting your username and password, you are now freely giving the scammers your login credentials. They will then have full access to your Gmail account and further spread the scam.

So now that we’re all scared and racing to delete our Gmail accounts, let’s pump the brakes and I’ll give an easy way to spot the fake site.

  • Always look at the domain (ex. You should see “https:” at the very beginning. If you look at our site, you will notice the secure feature and that it’s highlighted in green.
  • If you’re a Google Chrome user, you’re in luck. Wordfence mentioned that the latest version of the popular browser now displays, “Not Secure” when the page loads. This is a good indication that this is a non-secure site and you should not put any secure information when on a page with this warning. Most of the time, you will see “Not Secure” highlighted in red as well.
  • If you look at the domain name and it has, “data:text/htyml” instead of “https:”, this is another indication that the page is not secured and is a fake site.

Another point to note if you’re a business owner with a website, there are website’s currently being affected by this scam as well. Once a hacker has access to your website, they could have your client’s email addresses and start sending messages with your name attached. By doing this, there is a high chance each of your client’s will trust the email and open it. In the end, this could lead to serious issues, lawsuits, and client’s looking to work with another company.

It is important you have website security. I can not stress this enough. Having website security features can prevent and/or reduce the chance of someone accessing your site. Google reported in March of 2016, that over 50 million websites had some type malware or virus. That number is increasing everyday as only 20% of business owners have website security. If you need assistance, check out our shop for our website security packages.

Lastly, please share this! It’s important we all get the word out to make sure no one falls for this trap. Let me know your thoughts or if anyone you know has been effected by this new scam.

Leave a Reply

Your email address will not be published. Required fields are marked *