An angled photo of a gmail inbox

Watch out for this new phishing scam.

Phishing scams are on the rise. Their use of social engineering techniques are making them particularly sinister and effective. The question is how to defend against these attacks. Though we may dream of a simple solution that is only a click away, there are no such solutions. Knowledge is the most important and most effective defense from phishing schemes. Today we’re going to be talking about this phishing scam, how it works, and what you need to know to stay safe.

Would you download an attachment from someone you know?

The answer to this question is most likely, “Yes.” An email from someone you know and trust is usually safe, but in the case of this new Gmail phishing scheme, it might not be. The hackers behind this new phishing scheme are using compromised email addresses to send familiar attachments to people within the contact list. That is to say, they are sending attachments that you are expecting or have gotten before. When you click on the familiar photo attachment, you will be redirected to a screen that looks almost identical to Google’s login screen. If you put in your username and password, you will be compromised.

How can you defend against the Gmail phishing scam?

This devious scam can be avoided by proceeding with caution when you think something is odd. Having to put in your login credentials a second time, for example, just to view an attachment is something you don’t usually have to do. Events like these should always make you reevaluate and take extra precautions. According to WordFence, “To protect yourself against this you need to change what you are checking in the location bar.

This phishing technique uses something called a ‘data URI’ to include a complete file in the browser location bar. When you glance up at the browser location bar and see ‘data:text/html…..’ that is actually a very long string of text. “

We can take this to mean that you should proceed with extreme caution when downloading files in the future. Be safe out there.


If you need the help of an experienced computer forensics experts, contact the team at to find out more about how we can help in your data recovery, cybercrime, or e-discovery needs or if you need trusted expert testimony, simply request a consultation and we will be in touch. We are in Maryland and in Michigan and we have the necessary licenses to get the job done on a national level. No matter where you go, we can help you.

Don’t forget to keep up with our weekly blog for advice and information on how to prevent being the victim of cybercrime. It’s more likely than you may think. You can follow us on TwitterGoogle+, and LinkedIn too. Stay safe out there!