Email phishing scams are one of the most common ways for a hacker to steal your credentials. Most phishing scams are not very hard to detect, but in some cases we've seen that a clever hacker can bypass the security algorithm and trick you into surrendering your details.
Typically the hacker (attacker) creates an email address that makes him appear to be a legitimate friend or someone you know. These emails usually carry a PDF attachment, which opens a new window when you try to open it. The fake sign-in page in that window sends your data directly to the attacker and compromises your email account.
How to protect yourself
When you use any sign-in service (e.g. Google, Yahoo, Outlook, etc.), always check at least the browser location bar and verify the hostname and protocol. This precaution will eliminate every chance of you becoming a victim of phishing activity.
The above image shows phishing activity when a user opens a suspicious PDF file. It opens a Google sign-in page with the Chrome browser tab location shown above. The location begins with data:text/html, which shows that this isn't an official Google log-in page. This means that this isn't a secure page and some attacker is trying to steal your credentials.
Pic 2 shows the secure browser location of a Google sign-in page. Anything other than https:// before accounts.google.com means that the page isn't secure, and the user should immediately close the browser tab.
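The location-bar check described above, written out as an added example (it is not code from the original article). It goes slightly beyond the two pictures by also rejecting look-alike hostnames and text placed before an @ sign; the function name, the .example hosts and the sample strings are constructed for illustration.

```javascript
// Added example: apply the article's "verify the hostname and protocol" rule
// to the text shown in the browser location bar.
const EXPECTED_HOST = "accounts.google.com"; // sign-in host named in the article

function checkSignInLocation(locationText, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(locationText.trim());
  } catch {
    // No scheme at all, or otherwise malformed: nothing can be verified.
    return { ok: false, reason: "not a parseable URL" };
  }
  if (url.protocol === "data:") {
    // The page content is carried inside the address itself; any hostname
    // visible after "data:text/html," is just text, not the site you are on.
    return { ok: false, reason: "data: URI, not a page served by any host" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: `protocol is ${url.protocol} instead of https:` };
  }
  if (url.username || url.password) {
    // In https://name@host/ the part before @ is a user name, not the host.
    return { ok: false, reason: `text before @ is not the host (${url.hostname} is)` };
  }
  if (url.hostname !== expectedHost) {
    // Exact match only: expectedHost followed by more labels is another site.
    return { ok: false, reason: `hostname is ${url.hostname}` };
  }
  return { ok: true, reason: "https and expected hostname" };
}

// Constructed sample location-bar strings (not taken from a real incident).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
  "https://accounts.google.com@login.example/ServiceLogin",
];

for (const s of SAMPLES) {
  const r = checkSignInLocation(s);
  console.log(`${r.ok ? "OK    " : "REJECT"}  ${s}\n        ${r.reason}`);
}
```

Only the first sample passes; each of the others fails on a different part of the address, which is why both the protocol and the full hostname have to be read.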
Every day attackers develop many new phishing scam techniques to trick people. But if a user follows the precautions mentioned above, he can never be a victim of a phishing scam.