Monday, April 21, 2025
Cybersecurity, Web Browsers

Gmail Scam Puts 1.8 Billion Accounts at Risk

by Justin Erickson

Security researchers have highlighted a widespread phishing scheme aimed at Gmail’s user base, targeting all 1.8 billion Gmail accounts worldwide. Attackers are using a new tool called Astaroth that steals a victim’s web security details in real time: usernames and passwords, 2FA codes, and session cookies. The victim believes they have logged into their account normally, when in reality they have been sent to a phony webpage which looks just like their browser. Attackers can then impersonate the victim, sending emails from their account as they wish. Anyone using services like Gmail, Yahoo, AOL, and Microsoft Outlook could be at risk. To avoid this scam, users should enable the spam filter to block fraudulent emails like these, avoid clicking on any unsolicited links, and double-check that they are using official login pages.
