The attack begins by breaching one person’s email, then scanning the first victim’s email for sent emails containing an attachment.
When one is found, a screen shot is taken and included with the mail that the hackers will send next. The idea is to build trust and convince the next victim that they’re receiving a resend of the file in question from a known source.
The next step, of course, is to gather email addresses and send emails to new recipients. These include the aforementioned screenshot, disguised as a PDF.
The hackers have also found an inventive way of getting around Google’s normally excellent scanning and detection protocols. The URLs they use are virtually identical to official Google URLs. When you click to download what appears to be an innocuous PDF, you are redirected to what appears to be a Google login page.
This, unfortunately, is a trick, and when you log in, you give the hackers your Google password.
Unfortunately, too many people tend to use the same password across multiple websites, so once the hackers have this password, more often than not it means that they’ve got the keys to your digital kingdom.
This is the most effective phishing attack we’ve seen to date. Most phishing attacks have a success rate no higher than 3-4 percent. This one is nearly an order of magnitude more effective, and it’s spreading quickly.
It’s something you need to be sure that your IT staff and all your employees are aware of. Even if at first glance an email in question appears to be from a trusted source, it bears a quick voice or in person contact to be sure that the sender has actually sent you a file. This extra step could save you quite a bit of pain down the line.