This is harder to spot than other similar phishing campaigns
http://i1-news.softpedia-static.com/images/fitted/340x180/phishing-trick-targeting-google-relies-on-data-uris-to-mask-the-page-s-real-url.png
Jun 30, 2016 10:20 GMT · By Catalin Cimpanu Google took down a recent phishing campaign that was abusing Goo.gl short URLs and an older data URI trick to mask the page's real URL and fool victims into thinking they were on the actual Google login page.
According to My Online Security, who analyzed this recent phishing campaign, crooks were spreading around a Goo.gl short URL, now taken down, which was redirecting users to a page on the nwfacilities[.]top domain.
Data URIs used for URL spoofing phishing scams
The problem was that this page contained source code that would refresh the page and replace its original URL with one that read, "data:text/html,https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue."
Full Article