Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes

Leadership

Meet the MetaCompliance Leadership Team

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Phishing Attack Immediately Compromises Victims’ Gmail Accounts

shutterstock_554859067

about the author

Share this post

A new attack campaign phishes for users’ Gmail credentials and immediately leverages those details to steal access to victims’ accounts.

The attack begins when a user receives an email to their Gmail account. The email might come from someone whom the recipient might know but whose account the attackers have already compromised. As with most phishing campaigns, it comes with an attachment. Most of the attack emails appear to carry an attached image that is familiar to the recipient.

One would think clicking on the image would cause a preview to pop up. But that doesn’t happen. Mark Maunder, chief executive officer of WordFence, explains in a blog post:

“Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see accounts.google.com in there. It looks like this….”

Phishing Attack Immediately Compromises Victims' Gmail Accounts

The last thing a user wants to do is sign in using this convincing (but fake) Google login page. Doing so would provide the attackers with their Gmail login credentials. To make matters worse, if they do acquire their details, the attackers don’t waste any time in using them to compromise the user’s account and distribute phishing emails to some of their contacts.

As one commenter on Hacker News describes it:

“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.”

“For example, they went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team.”

To protect themselves against this attack campaign, users should first look at the location bar of a Google sign-in page a bit more closely before they log in. Google’s actual sign-in page should show nothing in the sign-bar before “accounts.google.com” except “https://”.

Phishing Attack Immediately Compromises Victims' Gmail Accounts

The scam’s use of “data:text/html” gives away the scam’s use of a file, that is, a fake Gmail login page.

Users should also enable two-step verification on their accounts. This feature will help protect users’ accounts even in the event someone does steal their username and passwords.

At the same time, organizations should help educate their employees about phishing scams. Simulated phishing campaigns oftentimes get the point across to users when it comes to looking out for suspicious emails. Organizations can design and send out these emails via the use of third-party security awareness training software.

Does this solution sound of interest to you?

If so, contact Metacompliance today and learn how its phishing simulations can help take your employees account security to the next level.

Other Articles on Cyber Security Awareness Training You Might Find Interesting