How Gmail phishing emails bypass the filters and how to spot them
Although email spam is something that we are faced with every day, it should still be taken very seriously. There is no hard-and-fast law against spam, and most prominent spammers only get caught for wire fraud or other financial crimes and not spam emails. The only real solution is spam filters.
While Gmail has quite advanced spam filters, it is not perfect. Now and then, spammers find a way through the filters and get the chance to distribute their phishing emails. As a Gmail client, you should know how to identify and handle these emails when they get through the filters.
This is also becoming more and more difficult as spammers get more advanced in their phishing techniques. Some of the latest Gmail phishing is so advanced that they even appear to be from legitimate domains, and even the code of the email is disguised to make it appear legitimate and bypass the Gmail filters.
How do these spammers get past the Gmail filters?
The goal of phishing emails is to collect your data. These could be email addresses that the spammers can then sell, credit card information, personal information for identity theft, and even links distributing malware and ransomware. Gmail adapts its filters frequently and quickly once they identify these threats. However, it is difficult to track down the source as these spammers never use the same email account for longer than a week.
In the last few weeks, there has been a notable increase in spam that bypassed the Gmail filter, according to Sergio De Los Santos, the Director of Innovation and Laboratory in Cybersecurity at Telefonica Digital. These latest phishing attacks appear as emails related to packages that are waiting to be delivered.
The email header of these phishing emails will show something like: ‘Received: from http://parmaxiz.org.uk (127.0.0.1)’. This makes it appear as if the email originated from a legitimate domain. These domains can point to real businesses such as Microsoft, Netflix, and more to appear legitimate.
Upon inspection, these domains were all created fairly recently. All contain a mailing list signup with a single form field, a unsubscribe button and cleverly encourages you to submit an application and not enter your email address. This way, they all look real. However, by interacting with any of these options, you are either signaling to the spammer that your email address is live. Or giving them more information (including your email address) by completing the ‘application’ as these forms collect email addresses even if you do not enter one.
In the body of the email, they always include information that appears legitimate. The text is usually in English and will contain purchase confirmations or password reminders; however, this is usually hidden in the HTML code (Base64 code). This code is arranged in a way so that the reader doesn’t see it. Still, it’s enough to trick Gmail’s filters.
The Base64 code is completely useless other than to trick the Gmail filters. So what is it that readers will actually see in the body of the email? What we see when opening the phishing email is a png file. This png file is repeated on various websites and looks very similar to each other.
Once you click on the email, you will be directed to a very clever bot. This bot will interact with you in your local language and advise that you have a package at their offices. They will even supply you with an image and other details to make it convincing. They will go on to tell you that the delivery address is not clear. They will request that you provide the correct information and pay the shipping fees. And just like that, they have you.
How to identify a Gmail phishing email example?
There are a few different ways that you can identify potential phishing emails. The first thing you want to look at is the address of the email received. In some cases, it can be quite easy to spot a spam or phishing email as the sender’s address might not match the business they are attempting to impersonate. However, the email address appears to come from a legitimate domain in some of these more recent attacks.
Another Gmail phishing email example is an email that includes a link or a button for you to click on that redirects you to a suspicious page. How do you know it’s suspicious? Look at the address in the link. In many cases, the address won’t be the legitimate domain of the company being impersonated.
If you receive an email regarding a package, like the current attacks that are going around, you may find it a challenge to see if the email is a phishing attempt. However, if you haven’t ordered any packages and know that no one has sent you any, you have reason to be suspicious. If you have some coding knowledge, you can look at the HTML of the email to see if the Base64 code matches the content in the body of the email. Alternatively, you can contact the company listed in the email directly, not using any contact details from within the email, and inquire with them directly.
How to report phishing Gmail attempts?
Although Gmail’s filters are quite advanced when it comes to blocking spam and phishing attacks, spammers evolve and are always looking for ways to bypass the filters. Like the recent surge where spammers fool the filters by making it appear as if the emails originate from a specific domain and get creative with the Base64 code. The best way for Google to adapt is to adjust the filters to accommodate these new threats. Google can only do this if the problem is flagged. This is why it’s so important to report phishing emails as quickly as possible.
If you report phishing, Gmail can start working on rules to block these types of harmful emails. Google has also made it very simple to report any emails that you find suspicious, and you can do so directly within your Gmail account. You simply open the suspicious email from your Gmail inbox. Next, you click on the three vertical dots to open more options. In the drop-down list, choose to report the message as phishing.
Closing words
Phishing emails have been around for as long as emails have existed. The best defense is Gmail’s filters and being aware of how to identify potential phishing attacks. If you see any suspicious emails, make sure to report them so that Google can start working on solutions to block these attempts. The latest attacks appear to be from legitimate domains, and even the email body seems real. They also come with the premise of a package that is at their office and needs to be delivered to you. Be careful, and make 100% sure that the email is real before giving away any of your details.
More about Gmail:
What does archive mean in Gmail?
What are the best Chrome extensions for Gmail?
You said that Outlook isn’t your main email client, so which is your main one?
I think its thunderbird
It is Mozilla Thunderbird.
Awesome! This actually solved my problem… what a stupid bug.
If this is the same bug that I’ve encountered, there may be another fix: (1) hover over open Outlook item in Taskbar, cursor up to hover over Outlook window item, and right-click; (2) this should give you Restore / Move / Size / Minimize / Maximize — choose Move or Size; (3) use your cursor keys, going arbitrarily N/S/E/W, to try to move or size the Outlook window back into view. Basically, the app behaves as though it were open in a 0x0 window, or at a location that’s offscreen, and this will frequently work to resize and/or move the window. Don’t forget to close while resized/moved, so that Outlook remembers the size/position for next time.
THANK YOU Claude!!! I could get the main window to launch but could not get any other message window to show on the desktop. You are my hero!!!!
Solved my issue! 6 years later and this is still problem…
Fantastic. Thank you. Size did the trick.
This solved my Outlook problem, too. Thank you. :)
Thank you so much, this started happening to me today and was causing big problems. You are a life saver, I hope I can help you in some way some day.
You are a god – thank you!
thanks a lot…. work like charm.. :-)
Yah…thanks Claude. I’ve been having the same problem and tried all the suggestions…your solution was the answer. It had resized itself to a 0/0 box. Cheers
Excellent post. This had me baffled even trying to accurately describe the problem. This fixed it for me.
Thank you
Thanks a lot for the article. Don’t know why it happenend, don’t know how it got fixed, but it was really annoying and now it works :-)
Thanks a lot. I was facing this issue from past 3 week. I tried everything but no resolution. The issue was happening intermittently and mainly when I was changing the display of screen ( as i use 2 monitors). The only option i had was to do system restore. But thanks to you.
I’ve been tried to sole this problem for 12hours. Your comment about changing the display of screen helped me a lot!! Thanks!!
Thank you…don’t know why this happened but your instructions helped me fix it. Running Windows 10 and office pro 2007
Great tip! Thanks!
Worked for me, too – thank you!!!
It’s Worked for me, too
thank you very much!
I had a similar issue with Outlook 2013 on Windows 10 and this helped me to fix it. Thank you very much!
Thank you so much. Solved!
Considering you published this in 2012, incredible not been debugged by Microsoft.
Thank you again. M
This problem was faced by only one user logging to TS 2008 r2 using outlook 2010.The issue was resolved.
Thanks.
Great tip. Thank you!!!! If it helps, I had to use the Control Key and the arrow keys at the same time to bring my window back into view. Worked like a charm.
Thank you, this worked !!!!
Man, you are a fucking god. Thanks a lot, what an annoying bug!!
Awesome, this post solved the issue. Many thanks!