Gmail Phishing Scam: How It Works

There is a new Gmail phishing scam that you need to be aware of, and it is fooling even the most tech-savvy users. This phishing scam allows hackers to access your Gmail account and all your personal information. Here’s how it works and what you can do to avoid being scammed.

How the scam works

  1. Initially, the hacker sends an email to your Gmail account from an email address that you are familiar with.
  2. The email will arrive with a PDF attachment.
  3. After clicking on the link you will be taken to a phishing page which is disguised as a Google sign-in page.
  4. You are then directed to put in your login details again, which allows the hacker to sift through your emails. This fake login page is almost identical to the normal Gmail login page.
  5. The only indication that this page could be dodgy is ‘data:text/html’ in the address bar before the words ‘’. If you’re not paying close attention, you would assume that this is a legitimate website and that there is nothing fishy about it.
  6. After you have put your details into the fake Gmail login page, the hacker has full access to your emails as well as your contacts’ email addresses. These contacts then become new targets for the hacker.

Protect yourself from this Gmail phishing scam

To help protect yourself from this Gmail phishing scam, make sure that there is nothing before the host name ‘’ other than ‘https://’ and the lock symbol.

When you are in your Gmail account, make sure that the address in the browser bar doesn’t contain ‘data:text/html’, as this is a sign that the website is fake.
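The address-bar check described above can be written as code. The following is an added example, not part of the original article: the host name login.example.com is a placeholder for the real sign-in host, and the sample addresses are constructed. It shows why simply looking for the familiar host name somewhere in the address is not enough, and why the scheme at the very start has to be checked.

```javascript
// Added example. EXPECTED_HOST is a placeholder, not the real sign-in host.
const EXPECTED_HOST = "login.example.com";

// Naive check: "does the address mention the host name I expect?"
// This is what a hurried reader does by eye, and it is not sufficient.
function naiveCheck(address, expectedHost = EXPECTED_HOST) {
  return String(address).includes(expectedHost);
}

// Strict check: the scheme must be https and the parsed host must match exactly.
// Returns { ok: boolean, reason: string }.
function checkAddress(address, expectedHost = EXPECTED_HOST) {
  const text = String(address).trim();
  // The scheme is everything before the first ':'. Whatever follows it,
  // including a familiar host name, says nothing about where the page came from.
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(text);
  if (!m) return { ok: false, reason: "no scheme" };
  const scheme = m[1].toLowerCase();
  if (scheme === "data") {
    return { ok: false, reason: "data: URI, the page is embedded in the address itself" };
  }
  if (scheme !== "https") {
    return { ok: false, reason: `scheme is ${scheme}:, not https:` };
  }
  let url;
  try {
    url = new URL(text);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.hostname !== expectedHost) {
    return { ok: false, reason: `host is ${url.hostname}` };
  }
  return { ok: true, reason: "https and expected host" };
}

// Constructed sample addresses, run through both checks.
function auditSamples() {
  const samples = [
    "https://login.example.com/signin",
    "data:text/html,https://login.example.com/signin",
    "http://login.example.com/signin",
    "https://login.example.com.signin.example.net/",
  ];
  return samples.map((s) => ({ address: s, naive: naiveCheck(s), ...checkAddress(s) }));
}

console.log(auditSamples());
```

The naive check accepts all four sample addresses, while the strict check accepts only the first.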

It is recommended that you enable two-step login on your Gmail account. With two-step login, as well as entering your password, you also need to enter a code that is sent to your mobile when you sign in from a new device. This means that even though the hacker may know your password, they won’t be able to access your account remotely.

How you can avoid phishing scams

  • If you receive an email asking you for your personal information, do not click on any links or give any personal information until you know that the website is safe.
  • If you are sent a link in an email, you need to check that the URL of the link matches the description of the link, or else it could lead you to a phishing website.
  • If an email looks suspicious, check that the sender name and email address match.
  • You can also check if the email is authenticated by hovering over any links before you click on them.
  • Think twice before entering your login details, e.g. if you are already in your email, why are you being asked to log in again?

For more tips on keeping yourself safe online read our latest blog about protecting yourself online.