I’ve been a Gmail user since its beginning in 2004. Unlike Yahoo! email, Gmail has historically done an exemplary job of blocking spam and phishing.
Until this year.
New forms of phishing are evading Google’s filters: the first is what I call the “invoice scam,” where the sender emails an attachment claiming to be an invoice. I surmise that either the attachment has malware embedded in it, or they are hoping that I will pay the invoice by sending money to who-knows-where.
Another form of phishing I’m seeing a lot (several each day) is email in which the entire content of the message is a single image. The image claims to originate from a major retailer such as Home Depot, Ace Hardware, and others. I’m told that I have been selected to win a product of some sort. Like the invoice scam, I’m certain that clicking the image will take me to a watering hole attack, a page where I’ll be asked for login credentials or payment information.
I don’t doubt that Google will figure out how to block these types of phishing messages. But the senders are not going to give up so easily. We must continue to be on our guard and practice these principles for handling incoming emails:
- Be wary of emails from people you don’t know.
- Be wary of emails from people you DO know that are out of character.
- Confirm the message through independent means (NOT a reply).
- Do not be curious and click, just to see what happens next.