360 Degree Cyber Security, LLC

Effective Google Email/Suite Phishing Campaign

Effective Google Email/Suite Phishing Campaign

26 January 2017

There is currently a major phishing campaign going on that is tricking users into entering their credentials into a screen that appears to be from an email provider.  These screens appear legitimate enough to fool even security professionals.  There is also a related phishing campaign tempts unsuspecting email users to click on a link to open a document stored in a Google Drive account.

Images below are examples of what you may see if you receive an email that attempts to lure you into giving up your credentials.

Below is what that image looks like.  Don’t click on the link.  If you receive one of those emails, please forward the email to us at infected@360cybersec.com


How do you tell if it is legitimate or not.  Look in the address bar.  If it is a bad link, it may look something like this…


Notice the words data text and html all be for the https?  That should not be there.  If it was a legitimate, the https: and a lock would appear in green.

One way to avoid complete access to your account is to turn on 2-factor authentication (2-step authentication in Google).  If you see screens like the ones above and enter in your login credentials, your credentials have been compromised.  But with 2-factor authentication enabled, your account will likely not be compromised.  Change your account password immediately.  This goes for any accounts on any website that you use the email address and same password (which is also HIGHLY not recommended).

If you have any questions, please be sure to drop us a line at info@360cybersec.com

About the Author

Chris Wolski author

Chris Wolski is the founder and principle consultant of the small business and municipality focused cyber security firm 360 Degree Cyber Security, LLC. He is currently certified by International Information System Security Certification Consortium as a Certified Information Systems Security Professional and by the SANS Institute as a Global Industrial Cyber Security Professional. Active in the information security community, Chris volunteers his time at BSides Delaware and to various individuals seeking to be mentored in cybersecurity. He is frequently researching industrial devices to discover weaknesses that would present a problem for users of those devices. Chris obtained his start in cyber security in the U.S. Navy where he served in various information security and signals intelligence roles over his 20 year career. He left government service after serving in a position to develop cyber threat intelligence against industrial controls and later on the Joint Chiefs of Staff as a cyber incident handler. Chris has a Bachelor of Science Degree in Cybersecurity from University of Maryland University College and is currently pursuing a Master in Business Administration, also at the University of Maryland University College.

Leave a Reply