
How can users identify phishing techniques and fraudulent websites?

A Gmail phishing attack brought users to fake login pages designed to look like Google's. Expert Nick Lewis explains how users can prevent similar phishing attacks.

Wordfence, which makes a security plugin for WordPress, discovered a phishing technique targeting Gmail users that starts with an email sent to the target user's account and directs them to a fake login page designed to look like Google's. What are the indicators users can look for to confirm that a webpage is legitimate? Are there any tools or add-ons that can prevent these sorts of phishing techniques and attacks?

Phishing attacks continue to be among the most effective ways to compromise an enterprise.

Wordfence blogged about this phishing technique in early 2017. It exploited a confusing user interface issue in the Chrome web browser that could make a webpage appear to be Google's login page: what appeared in the address bar led users to believe the page was authentic. Google has since addressed the issue.

Sometimes, the standard advice sounds trite, but it may still be the only advice on which we can reasonably agree. Views in the security community differ on the value and effectiveness of security awareness training versus spending the company's security budget on tools. People continue to be victimized by phishing techniques, and as a security community, we need to make significant improvements to better protect people and to reduce the cost enterprises incur from compromised accounts. The guidance Wordfence released on how to identify phishing techniques and fraudulent webpages is good, but we need to do more.

In this specific Gmail phishing attack, the link is a data URL that carries the fake page's content inside the URL itself; when the page opens in a new tab, that data URL is what the location bar shows. Google released a Chrome web browser update that now displays a "Not secure" message in the location bar whenever a data URL is displayed.
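As an added illustration (not code from the original answer or from Wordfence), the check below separates a genuine https login link from a data: URL that merely carries a Google-looking address in its body, which is the tell in this attack; it also catches lookalike hosts and plain-http links. The function names, the expected-host list and the sample links are all assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumed: the only host a genuine Google login link should use.
LEGIT_LOGIN_HOSTS = {"accounts.google.com"}

# Finds "https://some.host" text embedded anywhere in a link, e.g. inside
# a data: URL dressed up to look like a login address.
EMBEDDED_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def classify_link(url: str) -> dict:
    """Classify a link a user is about to click.

    verdict values:
      "ok"         - https link whose real host is an expected login host
      "data-url"   - a data: URL; it has no real host, so any address-like
                     text it carries is decoration, not a destination
      "wrong-host" - http(s) link whose host is not an expected login host
      "no-tls"     - plain http link to an expected host
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() == "data":
        # Report whatever hostname the decoy text pretends to be, so an
        # alert can say "claims to be accounts.google.com".
        return {"verdict": "data-url", "real_host": None,
                "spoofed_hosts": EMBEDDED_HOST_RE.findall(url)}
    host = (parts.hostname or "").lower()  # userinfo and port are stripped
    if host not in LEGIT_LOGIN_HOSTS:
        return {"verdict": "wrong-host", "real_host": host, "spoofed_hosts": []}
    if parts.scheme.lower() != "https":
        return {"verdict": "no-tls", "real_host": host, "spoofed_hosts": []}
    return {"verdict": "ok", "real_host": host, "spoofed_hosts": []}


def suspicious_links(links):
    """Return (link, verdict) for every link that is not a clean https login."""
    results = [(link, classify_link(link)["verdict"]) for link in links]
    return [(link, verdict) for link, verdict in results if verdict != "ok"]


# Constructed sample links: one genuine, one data: URL decoy of the kind
# described above, one lookalike host and one plain-http link.
SAMPLE_LINKS = [
    "https://accounts.google.com/ServiceLogin?service=mail",
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
    "https://accounts.google.com.login-check.example/ServiceLogin",
    "http://accounts.google.com/ServiceLogin",
]
```

Run over the sample list, only the first link comes back clean; the data: URL is flagged even though the text it shows names accounts.google.com.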

There are endpoint and network-based tools and cloud services that can help address phishing. Many web browsers and endpoint security tools already include some level of protection against phishing techniques. The Anti-Phishing Working Group has a lengthy sponsored tool list that includes many different classes of tools, ranging from attack detection to email filtering.

As part of your incident response process for phishing attacks, you could perform a root cause analysis to determine what security controls need to be improved to minimize the impact of a future phishing incident, and then find tools in that category to complement existing tools. 


This was last published in June 2017
