The attackers first compromise a victim's Gmail account, and once they are in, they start rifling through inboxes to launch secondary attacks in order to pass on the attack.
The hackers first look for an attachment that victims have previously sent to their contacts and a relevant subject from an actual sent email. Then the criminals will start gathering up contact email addresses, who become the new targets of the attackers.
After finding one, the hackers create an image (screenshot) of that attachment and include it in reply to the sender with the same or similar subject for the email, invoking recognition and automatic trust.
What makes this attack so effective is that the phishing emails come from someone the victim knows.
This new Gmail phishing attack uses image attachments that masquerade as a PDF file with a thumbnailed version of the attachment. Once clicked, victims are redirected to phishing pages, which disguise as the Google sign-in page. But it's a TRAP!
The URL of the fake Gmail login page contains the accounts.google.com subdomain, which is enough to fool the majority of people into believing that they are on a legitimate Google page.
