"One Gmail user told the Daily Mail she nearly lost access to her Google account after receiving what appeared to be a legitimate invitation from a friend. The email prompted her to click a 'View & RSVP' button, which redirected her to a convincing login page asking for her Google credentials. 'The two signs that immediately made me suspicious were that the bottom of the email showed my friend's name in large font, but then randomly said "event by Robin Carter," someone I had never heard of,' she said."
"'The second red flag was when I clicked the link and realized the sign-in page wasn't hosted on a Google domain. 'That's when I knew something was wrong. But the scary part is the email really did come from my friend's address because hackers had already gotten into her account.' Tech experts said that to avoid falling victim, check the sender's email address carefully."
"Tech experts said that to avoid falling victim, check the sender's email address carefully. While it may appear to be from a friend, hackers could be using a compromised account to send out invitations. Rachel Tobac, CEO of cybersecurity company SocialProof Security, warned that the scam typically works in one of two dangerous ways."
"In some cases, victims repeatedly click a broken-looking link, unaware that the action silently installs malware capable of stealing passwords, banking information and other sensitive personal data. Other attacks redirect users to a convincing sign-in page designed to mimic a legitimate Google login screen. Once victims enter their credentials, hackers can immediately gain access to their accounts. 'They can take over your bank account, change your health insurance,' Tobac warned in a LinkedIn post."
Gmail users are targeted by scam emails that appear to be harmless event invitations from people they know. The message includes a “View & RSVP” button that redirects to a fake login page requesting Google credentials. Some emails show inconsistent sender details, such as a known friend’s name followed by an unfamiliar event organizer. The sign-in page may not be hosted on a Google domain, indicating a fraudulent site. In other cases, clicking a broken-looking link can silently install malware that steals passwords and sensitive data. Because attackers may use compromised accounts, the sender address can still look legitimate. Experts advise checking the sender’s email address carefully and verifying link destinations.
Read at Mail Online
Unable to calculate read time
Collection
[
|
...
]