How Gmail phishing emails bypass the filters and how to spot them

Shaun
Oct 19, 2021

Although email spam is something that we are faced with every day, it should still be taken very seriously. There is no hard-and-fast law against spam, and most prominent spammers only get caught for wire fraud or other financial crimes and not spam emails. The only real solution is spam filters.

While Gmail has quite advanced spam filters, they are not perfect. Now and then, spammers find a way through the filters and get the chance to distribute their phishing emails. As a Gmail user, you should know how to identify and handle these emails when they get through the filters.

This is also becoming more and more difficult as spammers get more advanced in their phishing techniques. Some of the latest Gmail phishing emails are so advanced that they appear to come from legitimate domains, and even the code of the email is disguised to make it appear legitimate and bypass the Gmail filters.

How do these spammers get past the Gmail filters?

The goal of phishing emails is to collect your data. This could be email addresses that the spammers can then sell, credit card information, or personal information for identity theft; the emails may even contain links distributing malware and ransomware. Gmail adapts its filters frequently and quickly once it identifies these threats. However, it is difficult to track down the source, as these spammers never use the same email account for longer than a week.

In the last few weeks, there has been a notable increase in spam that bypassed the Gmail filter, according to Sergio De Los Santos, the Director of Innovation and Laboratory in Cybersecurity at Telefonica Digital. These latest phishing attacks appear as emails related to packages that are waiting to be delivered.

The email header of these phishing emails will show something like: ‘Received: from http://parmaxiz.org.uk (127.0.0.1)’. This makes it appear as if the email originated from a legitimate domain. These domains can point to real businesses such as Microsoft, Netflix, and more to appear legitimate.

Upon inspection, these domains were all created fairly recently. All contain a mailing list signup with a single form field and an unsubscribe button, and all cleverly encourage you to submit an application rather than enter your email address. This way, they all look real. However, by interacting with any of these options, you are either signaling to the spammer that your email address is live or giving them more information (including your email address) by completing the ‘application’, as these forms collect email addresses even if you do not enter one.

In the body of the email, they always include information that appears legitimate. The text is usually in English and contains purchase confirmations or password reminders; however, it is usually hidden in the HTML code (Base64 code). The code is arranged so that the reader doesn’t see it. Still, it’s enough to trick Gmail’s filters.

The Base64 code serves no purpose other than to trick the Gmail filters. So what is it that readers will actually see in the body of the email? What we see when opening the phishing email is a PNG file. This PNG file is repeated on various websites, and the copies look very similar to each other.

Once you click on the email, you will be directed to a very clever bot. This bot will interact with you in your local language and advise that you have a package at their offices. They will even supply you with an image and other details to make it convincing. They will go on to tell you that the delivery address is not clear. They will request that you provide the correct information and pay the shipping fees. And just like that, they have you.

How to identify a Gmail phishing email example?

There are a few different ways that you can identify potential phishing emails. The first thing you want to look at is the address of the email received. In some cases, it can be quite easy to spot a spam or phishing email as the sender’s address might not match the business they are attempting to impersonate. However, in some of these more recent attacks, the email address appears to come from a legitimate domain.

Gmail phishing email example with a link and the ‘from’ account is suspicious

Another Gmail phishing email example is an email that includes a link or a button for you to click on that redirects you to a suspicious page. How do you know it’s suspicious? Look at the address in the link. In many cases, the address won’t be the legitimate domain of the company being impersonated.

Gmail phishing email example where the ‘Reply To’ account is suspicious. Email also contains potential phishing buttons

If you receive an email regarding a package, like the current attacks that are going around, you may find it a challenge to see if the email is a phishing attempt. However, if you haven’t ordered any packages and know that no one has sent you any, you have reason to be suspicious. If you have some coding knowledge, you can look at the HTML of the email to see if the Base64 code matches the content in the body of the email. Alternatively, you can contact the company listed in the email directly, without using any contact details from within the email, and ask them about it.
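The checks from this section gathered into one script, as an added example that is not part of the original article: it decodes the Base64 HTML body, compares the text the markup hides with what a reader actually sees, and tests the Reply-To, link and Received signs. The sample message, its placeholder domains, and the inline-CSS hiding styles are assumptions; the article does not say how the text is hidden.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN = ("display:none", "visibility:hidden")  # assumed hiding styles
VOID = ("img", "br", "hr", "meta")              # elements with no closing tag

class BodyScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts, self.images, self.stack = set(), 0, []  # stack: hidden flag per open tag
        self.chars = {True: 0, False: 0}                    # text length, keyed by "hidden?"
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.hosts.add(urlparse(a.get("href") or "").hostname or "")
        self.images += tag == "img"
        if tag not in VOID:
            style = (a.get("style") or "").replace(" ", "").lower()
            self.stack.append(any(k in style for k in HIDDEN))
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        self.chars[any(self.stack)] += len(data.strip())

def triage(raw):  # raw: bytes of one message; returns each warning sign as True/False
    msg = message_from_bytes(raw, policy=policy.default)
    sender, reply = (parseaddr(str(msg[h] or ""))[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    scan, html = BodyScan(), msg.get_body(preferencelist=("html",))
    scan.feed(html.get_content() if html is not None else "")  # get_content() decodes Base64
    return {
        "reply_to_mismatch": bool(reply) and reply != sender,
        "received_loopback": any("(127.0.0.1)" in str(h) for h in msg.get_all("Received", [])),
        "link_domain_mismatch": any(h and h != sender and not h.endswith("." + sender)
                                    for h in scan.hosts),
        "hidden_text_image_only": bool(scan.images and scan.chars[True] and not scan.chars[False]),
    }

def build_sample():  # constructed message, not a real capture; all domains are placeholders
    m = EmailMessage()
    m["From"], m["Reply-To"] = "Parcel <notice@courier.example>", "claims@other.example"
    m["Received"] = "from courier.example (127.0.0.1)"
    m.set_content('<div style="display:none">Purchase confirmation text</div>'
                  '<a href="https://pay.unrelated.example/"><img src="cid:parcel.png"></a>',
                  subtype="html", cte="base64")
    return m.as_bytes()
```

Each flag is a signal to weigh rather than a verdict: a loopback hop, for instance, also appears in Received headers written by legitimate mail servers that filter mail locally.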

How to report phishing Gmail attempts?

Although Gmail’s filters are quite advanced when it comes to blocking spam and phishing attacks, spammers evolve and are always looking for ways to bypass the filters. One example is the recent surge, in which spammers fool the filters by making it appear as if the emails originate from a specific domain and get creative with the Base64 code. The best way for Google to adapt is to adjust the filters to accommodate these new threats. Google can only do this if the problem is flagged. This is why it’s so important to report phishing emails as quickly as possible.

If you report phishing, Gmail can start working on rules to block these types of harmful emails. Google has also made it very simple to report any emails that you find suspicious, and you can do so directly within your Gmail account. You simply open the suspicious email from your Gmail inbox. Next, you click on the three vertical dots to open more options. In the drop-down list, choose to report the message as phishing.

Report phishing emails in Gmail

Closing words

Phishing emails have been around for as long as emails have existed. The best defense is Gmail’s filters and being aware of how to identify potential phishing attacks. If you see any suspicious emails, make sure to report them so that Google can start working on solutions to block these attempts. The latest attacks appear to be from legitimate domains, and even the email body seems real. They also come with the premise of a package that is at their office and needs to be delivered to you. Be careful, and make 100% sure that the email is real before giving away any of your details.

Publisher: Ghacks Technology News

Comments

  1. Ykcir said on March 3, 2022 at 9:57 am

    Google has not, will not, and never will block phishing emails because to do so will mess up their tracking technologies… and their ability to gather massive amounts of data on users of their products, Gmail included. This is the only reason Google exists, yep, to ride our backs as a gateway to billions of bucks

  2. G said on November 3, 2021 at 5:27 pm

    Gmail now just lets loads of porn etc flood my bin and spam folder.
    It seems to all come from the same address but they do nothing to stop it.
    I’m left with no option other than to open a new email account with someone else and hope that all the genuine companies I’m registered on I can sort and change over.
    I’m sure it will affect me and I will miss stuff, but I can’t stand the filth arriving constantly in my Gmail anymore.
    I only use an android phone, but I’m now getting hundreds a day some of which appear in my inbox. Reporting it does nothing at all so time to say FU Google.

  3. Anonymous said on October 20, 2021 at 2:28 am

    Seems like something’s wrong with everyone’s gmail. I have almost spam in my inbox since 15 years ago.

  4. Alex said on October 19, 2021 at 11:49 pm

    I keep getting BCC spam from AOL emails. I filtered them. I reported them. Everything. They still come through.

  5. Haakon said on October 19, 2021 at 8:27 pm

    After almost two decades of rolling over for oppressive powers and narrative authorities and as a favored apparatchik of communist regimes worldwide, google does have the filtering and blocking science nailed down and fully integrated in all its products. The free world simply agrees to suspend privacy for what google allows through (especially on google-droid phones), tricking everyone into thinking privacy settings actually do anything.

    Yes, I know google is not the only offender. Just the worst of ’em.

  6. Kindkiwi said on October 19, 2021 at 7:55 pm

    Google drive is another place where spammers are getting through & very little u can do anything about it

  7. Anonymous said on October 19, 2021 at 3:42 pm

    Like with other Google products, the main threat when using Gmail is Google itself. That should be the number one thing to remind in every mention of such a service: don’t use it. But somehow having one’s mail read and its content misused by a company like Google is now considered less of a problem by the ambient brainwashing machine than the risk of having one’s email address detected as active by a spammer.

    Soon “privacy recommendation” articles everywhere will probably parrot Google in pretending that you should use Gmail for better privacy, maybe because good antispam filters or good 2FA. Like they already say that telling Google automatically in the background what files you download and from where (“safebrowsing”), or telling Apple automatically in the background what programs you run at the time you launch them (“notarization”), or supporting only Google hardware for your “privacy hardened” mobile OS, would be better for your privacy.

    The present article itself isn’t that problematic but the “Don’t forget to put sunscreen to avoid sunburns before jumping into an erupting volcano” approach without reminding about the lava problem isn’t helping either.

  8. Dave said on October 19, 2021 at 3:07 pm

    hmm, example: random(at)random(dot)fi

  9. Dave said on October 19, 2021 at 3:06 pm

    I’m getting flooded by a new spam scheme that uses “Randomized Domain Names” that all end in .fi and are impossible to block with the current blocking filters on outlook.

    Example: random@random.fi

    The junk filter does catch them but they fill the junk folder every day. I need to check that folder in case something that isn’t junk ended up in there and sifting through 50 or more emails is a pain in the arse.

    I’ve spoken to outlook support and they say they are aware and are working on it. I’ve told them we need to be able to use wildcards in the domain blocking and that would let us take care of it.

  10. Taomyn said on October 19, 2021 at 3:05 pm

    I just want the “block” option in GMail to actually mean block and not “we’ll continue to allow the email from the same sender into our system and into your junk folder so that it green flags the sender that the address is real”. They should be bounced back at the mail transport level as rejected after first tarpitting the connection to waste the sender’s time.

  11. Tom Hawack said on October 19, 2021 at 2:08 pm

    I’m neither a moralist nor a philosopher but, frankly : why not just avoid Gmail? No scoop in reminding that nasty stuff targets masses’ meetings, and Google as well as all its services are overpopulated. Not to mention Google’s care for improving our lives by knowing them, and that includes knowing our Gmail correspondence and its content. For a buck a month on average you can find excellent email service providers with excellent anti-spam filters. Whatever, above all, a wise and cautious management of our email addresses (Disposable Email plus what address we give to who we give it) should help a lot in avoiding spam. I have the feeling many of us prefer to bypass the bother of being smartly organized in terms of privacy and apply medicine once the troubles arise. I receive NO spam here, not one, and if I ever did it’s considered as an event and cure immediately applied (the offender’s face stuck into the mud) but last intruder goes back to two years ago. Tools exist.

  12. asd said on October 19, 2021 at 11:37 am

    Gmail spam filter used to be bulletproof for me for many years… lately a lot of spam has been getting through.
    What is worse is that I see a ton of spammers set up their phishing/malware sites on “storage.googleapis.com”! Looks like Google is losing the battle to spammers.

  13. Yuliya said on October 19, 2021 at 9:28 am

    Normies never check the sender’s address, never check the web address of the page they are on entering login details, let alone its certificate. Hell, not even the phone number of scam SMS. I have come to the conclusion that they can’t be helped. The best you can do is leave their instance of Chrome in its default botnet state and fingers crossed goolag already blacklisted the address they’re about to get exploited on.

    1. Guulag said on November 1, 2021 at 12:21 pm

      What is goolag? Is it same as Gulag?

      https://en.wikipedia.org/wiki/Gulag
