Reply to post: Re: Hide extensions for known file types

Brilliant phishing attack probes sent mail, sends fake attachments

LDS Silver badge

Re: Hide extensions for known file types

The issue here has nothing to do with Explorer, but with the data: URL scheme. The attachment never gets to your hard disk, it's a fake. When you attempt to open/download it, you get redirected to the fake Google login. You'll never leave the browser.

AFAIK, it will work on any OS, with any browser supporting the data: scheme.

This is an attack aimed at stealing Gmail credentials (and then probably download user data before using it to mount new attacks).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019