Bitdefender researchers recently came across a new, well-crafted phishing attack designed to steal victims' Google login credentials.
A spam e-mail with the subject line "Mail Notice" or "New Lockout Notice" states, "This is a reminder that your email account will be locked out in 24 hours. Due to not being able to increase your Email storage Quota. Go to the INSTANT INCREASE to increase your Email storage automatically."
Recipients who click on the link in the email at "INSTANT INCREASE" are redirected to a fake Google login page.
What's notable about this attack, according to Bitdefender, is that the browser address bar only shows "data:," which indicates the use of a data Uniform Resource Identifier scheme. "The data URI scheme allows scammers to include data in-line in web pages as if they were external resources," Bitdefender security specialist Bianca Stanescu writes. "The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string within the data URI."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals," Stanescu notes.