How Gmail phishing emails bypass the filters and how to spot them
Although email spam is something that we are faced with every day, it should still be taken very seriously. There is no hard-and-fast law against spam, and most prominent spammers only get caught for wire fraud or other financial crimes and not spam emails. The only real solution is spam filters.
While Gmail has quite advanced spam filters, it is not perfect. Now and then, spammers find a way through the filters and get the chance to distribute their phishing emails. As a Gmail client, you should know how to identify and handle these emails when they get through the filters.
This is also becoming more and more difficult as spammers get more advanced in their phishing techniques. Some of the latest Gmail phishing is so advanced that they even appear to be from legitimate domains, and even the code of the email is disguised to make it appear legitimate and bypass the Gmail filters.
How do these spammers get past the Gmail filters?
The goal of phishing emails is to collect your data. These could be email addresses that the spammers can then sell, credit card information, personal information for identity theft, and even links distributing malware and ransomware. Gmail adapts its filters frequently and quickly once they identify these threats. However, it is difficult to track down the source as these spammers never use the same email account for longer than a week.
In the last few weeks, there has been a notable increase in spam that bypassed the Gmail filter, according to Sergio De Los Santos, the Director of Innovation and Laboratory in Cybersecurity at Telefonica Digital. These latest phishing attacks appear as emails related to packages that are waiting to be delivered.
The email header of these phishing emails will show something like: ‘Received: from http://parmaxiz.org.uk (127.0.0.1)’. This makes it appear as if the email originated from a legitimate domain. These domains can point to real businesses such as Microsoft, Netflix, and more to appear legitimate.
Upon inspection, these domains were all created fairly recently. All contain a mailing list signup with a single form field, a unsubscribe button and cleverly encourages you to submit an application and not enter your email address. This way, they all look real. However, by interacting with any of these options, you are either signaling to the spammer that your email address is live. Or giving them more information (including your email address) by completing the ‘application’ as these forms collect email addresses even if you do not enter one.
In the body of the email, they always include information that appears legitimate. The text is usually in English and will contain purchase confirmations or password reminders; however, this is usually hidden in the HTML code (Base64 code). This code is arranged in a way so that the reader doesn’t see it. Still, it’s enough to trick Gmail’s filters.
The Base64 code is completely useless other than to trick the Gmail filters. So what is it that readers will actually see in the body of the email? What we see when opening the phishing email is a png file. This png file is repeated on various websites and looks very similar to each other.
Once you click on the email, you will be directed to a very clever bot. This bot will interact with you in your local language and advise that you have a package at their offices. They will even supply you with an image and other details to make it convincing. They will go on to tell you that the delivery address is not clear. They will request that you provide the correct information and pay the shipping fees. And just like that, they have you.
How to identify a Gmail phishing email example?
There are a few different ways that you can identify potential phishing emails. The first thing you want to look at is the address of the email received. In some cases, it can be quite easy to spot a spam or phishing email as the sender’s address might not match the business they are attempting to impersonate. However, the email address appears to come from a legitimate domain in some of these more recent attacks.
Another Gmail phishing email example is an email that includes a link or a button for you to click on that redirects you to a suspicious page. How do you know it’s suspicious? Look at the address in the link. In many cases, the address won’t be the legitimate domain of the company being impersonated.
If you receive an email regarding a package, like the current attacks that are going around, you may find it a challenge to see if the email is a phishing attempt. However, if you haven’t ordered any packages and know that no one has sent you any, you have reason to be suspicious. If you have some coding knowledge, you can look at the HTML of the email to see if the Base64 code matches the content in the body of the email. Alternatively, you can contact the company listed in the email directly, not using any contact details from within the email, and inquire with them directly.
How to report phishing Gmail attempts?
Although Gmail’s filters are quite advanced when it comes to blocking spam and phishing attacks, spammers evolve and are always looking for ways to bypass the filters. Like the recent surge where spammers fool the filters by making it appear as if the emails originate from a specific domain and get creative with the Base64 code. The best way for Google to adapt is to adjust the filters to accommodate these new threats. Google can only do this if the problem is flagged. This is why it’s so important to report phishing emails as quickly as possible.
If you report phishing, Gmail can start working on rules to block these types of harmful emails. Google has also made it very simple to report any emails that you find suspicious, and you can do so directly within your Gmail account. You simply open the suspicious email from your Gmail inbox. Next, you click on the three vertical dots to open more options. In the drop-down list, choose to report the message as phishing.
Phishing emails have been around for as long as emails have existed. The best defense is Gmail’s filters and being aware of how to identify potential phishing attacks. If you see any suspicious emails, make sure to report them so that Google can start working on solutions to block these attempts. The latest attacks appear to be from legitimate domains, and even the email body seems real. They also come with the premise of a package that is at their office and needs to be delivered to you. Be careful, and make 100% sure that the email is real before giving away any of your details.
More about Gmail: