FBI Shares Advice on Sophisticated Gmail Phishing Attacks

Information
 
Phishing is a type of cyberattack that uses fraudulent emails, text messages, phone calls or websites to trick people into sharing sensitive data, downloading malware or otherwise exposing themselves to cybercrime.


 
Phishing scams are designed to access personal information, like Social Security numbers and bank account details, that could result in thousands of dollars being stolen from people who fall for the scams.

Incident

  Google’s Gmail, one of the world’s most widely used email services, has become the primary target of these AI-driven phishing campaigns. Because a Gmail account is often linked to other Google services, including Google Drive, Google Photos, and Google Pay, gaining access to one account can provide hackers with a treasure trove of personal and financial data.

 

  The Federal Bureau of Investigation (FBI) has issued a critical warning to Gmail users, urging them to exercise extreme caution amid a wave of highly sophisticated phishing attacks. Cybercriminals now use artificial intelligence (AI) to craft nearly undetectable scams, making traditional security measures less effective.

 

  Cybersecurity experts have observed a staggering rise in phishing attacks over the past few years, with AI playing a pivotal role in their increasing effectiveness. According to the newly updated Hoxhunt Phishing Trends Report, phishing attacks capable of bypassing security filters have surged by 49% since early 2022. Alarmingly, AI-generated phishing emails now make up nearly 5% of total phishing threats.

  Attackers deploy various techniques to trick users into revealing their login credentials, including:

  - AI-generated phishing emails that mimic official Google communications

  - Fake Google login pages that steal usernames and passwords

  - Social engineering tactics that pressure users into urgent actions

Recommendation

  Google emphasizes that while no security system is foolproof, users should exercise caution and implement the following best practices to safeguard their accounts:

  • Avoid Unsolicited Communications: Do not engage with unsolicited calls or emails claiming to be from customer support. Legitimate companies, including Google, typically do not initiate unsolicited contact.
  • Protect Personal Information: Never share login credentials, verification codes, or personal details over the phone or through email.
  • Verify Authenticity: If you receive a suspicious communication, contact the company directly using official contact information available on their website, rather than using contact details provided in the unsolicited message.
  • Do Not Click on Links in Unfamiliar Emails: Avoid clicking on links in unsolicited or suspicious emails, as they may be phishing attempts trying to steal your information.
  • Enable Two-Factor Authentication (2FA): Activate 2FA on your Gmail account to add an extra layer of security, making it significantly harder for attackers to gain unauthorized access.
  • Use Password Managers: Employ password managers to ensure strong, unique passwords for your accounts and to prevent entering credentials on fraudulent sites.
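
The link checks behind the "fake Google login page" and "do not click on links" advice above can be automated on the mail side. The following is an added example, not code from the FBI, Google or the original page: it extracts links from an HTML message body and flags Google-branded links that do not resolve to an https google.com host. The trusted-suffix list, the function names and the sample message are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED_SUFFIXES = ("google.com",)  # assumption: what counts as a genuine Google host

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def check_link(href, text):
    """Return the reasons a link looks like Google impersonation (empty if none)."""
    parts = urlsplit(href)
    host = parts.hostname or ""
    if parts.scheme == "https" and is_trusted(host):
        return []
    reasons = []
    if "google" in (text + href).lower():
        reasons.append("Google-branded link that is not https on a google.com host")
    if parts.username is not None:
        reasons.append("text before '@' disguises the real host")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode host, possible look-alike domain")
    return reasons

def scan_email(html):
    """Map each suspicious href in the message to its list of reasons."""
    parser = LinkCollector()
    parser.feed(html)
    return {h: r for h, t in parser.links if (r := check_link(h, t))}

# Constructed sample message body (not taken from a real campaign).
SAMPLE = """<a href="https://accounts.google.com/signin">Google Account</a>
<a href="https://accounts.google.com.verify-login.example/signin">Sign in to Google</a>
<a href="https://accounts.google.com@203.0.113.7/reset">Reset password</a>
<a href="https://news.example.org/story">Read more</a>"""
```

Calling `scan_email(SAMPLE)` flags only the second and third links; the genuine sign-in link and the unrelated news link pass.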

 

The important thing is the security systems. We must stay vigilant and monitor as usual.
For more information please contact
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
0613879439 (Ms.Sirilak)
0922576902 (Ms.Narusorn)

 

Weekly Interesting CVE

| No. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS Severity Rating | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2025-25064 | 3/2/2025 | 6/2/2025 | Zimbra Collaboration | SQL Injection | 9.8 | SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata. | Update your Zimbra Collaboration Suite to a patched version (10.0.12, 10.1.4 or newer) | https://nvd.nist.gov/vuln/detail/CVE-2025-25064 |
| 2 | CVE-2025-25246 | 5/2/2025 | 5/2/2025 | NETGEAR XR1000 | Code Injection | 8.1 | NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users. | XR1000 fixed in firmware version 1.0.0.74; XR1000v2 fixed in firmware version 1.1.0.22; XR500 fixed in firmware version 2.3.2.134 | https://nvd.nist.gov/vuln/detail/CVE-2025-25246 |
| 3 | CVE-2025-25065 | 3/2/2025 | 4/2/2025 | Server-Side Request Forgery | Identifier Guessing Attack | 5.3 | SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. | Update your Zimbra Collaboration Suite to a patched version (9.0.0 Patch 43, 10.0.12, 10.1.4 or later) | https://nvd.nist.gov/vuln/detail/CVE-2025-25065 |
| 4 | CVE-2025-25039 | 4/2/2025 | 4/2/2025 | HPE Aruba Networking ClearPass Policy Manager (CPPM) | Remote Code Execution | 4.7 | A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | Update your HPE Aruba Networking ClearPass Policy Manager to version 6.12.4 or later | https://nvd.nist.gov/vuln/detail/CVE-2025-25039 |
| 5 | CVE-2025-24982 | 4/2/2025 | 4/2/2025 | Activity Log WinterLock (WordPress plugins) | Cross-Site Request Forgery | 4.3 | Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted. | Update Activity Log WinterLock to Version 1.2.6 or later. | https://www.cve.org/CVERecord?id=CVE-2025-24982 |

| No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | DeepSeek | 07/02/2025 | Data Exposure & Privacy Violation, Unauthorized Data Transmission | Security researchers have found that DeepSeek AI sends user and device data across the internet unencrypted, making it vulnerable to eavesdropping and alteration. The data is also sent to servers owned by ByteDance (TikTok's parent company), leading countries such as South Korea and Taiwan to restrict its use. | Remove DeepSeek App: Users should consider removing this app from their device to prevent potential risks. Be careful when using AI apps: Always check the app’s privacy policy and security measures before using it. |

Ref: https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html

 

 

25 February 2025
