Google has countered a “highly effective” phishing scam that in recent months impacted users of its Gmail email service. Scammers had been tricking people into divulging their passwords by directing them to lookalike login pages that tripped no alarms in the victim’s web browser. Google has responded to the problem with an update to its Chrome browser. In the new version, released earlier this month, the browser’s address bar warns people when they have been served a page that uses the phishing trick. While the browser previously indicated nothing suspicious about the sham account sign-ins, the revamped version now displays “not secure” in such instances. (It is still incumbent upon the Gmail user to heed that warning, of course.) Scammers had been sending people fraudulent email messages from the compromised accounts of known contacts. Inside, the notes included embedded images designed to look like PDF attachments that, when clicked, opened bogus Gmail login pages.

  • Key takeaway: Make sure, if you use Chrome, that your browser is up to date. Steer clear of “not secure” web pages (in addition to ones not protected by “https”) when entering credentials. And always triple check to make sure you’re transacting with the intended website before entering a password.