"The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.

"For example, they went into one student's account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team."

Fortunately, this scam isn't undetectable. The phishing page is delivered as a data URI, which embeds a complete file (the fake login form) directly in the address itself rather than loading it from any server. You can tell by the fact that the location bar lists "data:text/html," before the "https://" that is meant to look like the real site.
"Chrome has resolved this issue to my satisfaction. Earlier this month they released Chrome 56.0.2924 which changes the location bar behavior. If you now view a data URL, the location bar shows a 'Not Secure' message which should help users realize that they should not trust forms presented to them via a data URL. It will help prevent this specific phishing technique."

To protect themselves against phishing attacks as clever as this one, users should verify both the hostname and the protocol before they enter any personal information on a web page. They should also enable two-step verification (2SV) wherever their accounts support it; an attacker who obtains the password alone then still cannot take over the account.
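One way to implement the check the article recommends (verify the protocol and hostname, and treat a data: address as no website at all), as an added JavaScript example that is not part of the original article. The expected login host and the sample addresses are constructed for the demo.

```javascript
// Added example: classify what a browser location string actually points at,
// so a checker or awareness-training tool can flag the data-URI lookalike
// described in the article before a user types credentials into it.
// `expectedHost` is the legitimate login host (constructed for this demo).
function classifyLocation(href, expectedHost) {
  let url;
  try {
    url = new URL(href.trim());
  } catch (e) {
    return { verdict: "invalid", reason: "not a parseable URL" };
  }

  if (url.protocol === "data:") {
    // The entire "page" lives inside the address; no server is contacted.
    // A "https://" string inside the payload is the lookalike trick: it is
    // content, not a scheme, and does not identify any host.
    const payload = url.pathname; // everything after "data:"
    const fakeScheme = /https?:\/\//i.test(payload);
    return {
      verdict: "phish-suspect",
      reason: fakeScheme
        ? "data: URI whose content contains an https:// string (lookalike)"
        : "data: URI; no web host is involved",
    };
  }

  if (url.protocol !== "https:") {
    return { verdict: "warn", reason: `protocol is ${url.protocol}, not https:` };
  }

  // Compare the full hostname, so "accounts.example.com.evil.test" fails.
  if (url.hostname.toLowerCase() !== expectedHost.toLowerCase()) {
    return { verdict: "warn", reason: `host ${url.hostname} is not ${expectedHost}` };
  }

  return { verdict: "ok", reason: "https and expected host" };
}

// Constructed sample addresses, modelled on the pattern the article describes.
const samples = [
  "https://accounts.example.com/login",
  "data:text/html,https://accounts.example.com/login <html><form>...</form></html>",
  "http://accounts.example.com/login",
  "https://accounts.example.com.evil.test/login",
];
for (const s of samples) {
  const r = classifyLocation(s, "accounts.example.com");
  console.log(`${r.verdict.padEnd(14)} ${r.reason}`);
}
```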