The Best Gmail Phishing Scam Ever!
From:
Robert Siciliano -- Cyber Security Expert Speaker
For Immediate Release:
Dateline: Boston, MA
Wednesday, May 24, 2017

 

If you use Gmail, pay attention! Security experts have announced that there is a very effective phishing scam out there, and you are a target. This scam, which has only been growing over the past couple of months, is hitting other email providers, too. However, it’s quite difficult to detect.

According to researchers at WordFence, who make a security tool for WordPress, this is a pretty serious attack and can have quite an impact, even for those who are up on security.

Here’s how it works:

You get an email from someone you trust…like a friend or family member or Google. The email, however, is actually not from them. It just looks like it is. The email carries an attachment which, when opened, links to a fake Google sign-in page. Everything about this Google sign-in page looks legit…but the address in the address bar is not…and here’s where it gets tricky. The address bar actually has a URL that looks real: https://accounts.google.com. However, before that address is what’s called a “data URI”. Google it. This is NOT a URL. Instead, it allows the hackers to get your username and password as soon as you enter them into the fake login screen. To make things even worse, once they sign into your actual inbox, they use your information, including attachments and emails, to target your contacts.

Protecting Yourself From This Scam

If you are a Google Chrome user, you can protect yourself by taking a look at the address bar before clicking anything. A green lock symbol is your indicator that it is safe to browse. However, there are some scammers out there who have created their own sites that are HTTPS-protected…which also means they will have a green lock. So, also take a look at the address.
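
The address-bar check described above, written out as an added example (not code from WordFence, Google, or the author): it treats a data URI that merely contains https://accounts.google.com as a lookalike, and it also rejects HTTPS pages served from any other host. The TRUSTED_HOSTS allowlist, the verdict names, and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example: classify the text shown in the address bar of a sign-in page.
// TRUSTED_HOSTS and the verdict names are assumptions made for this sketch.
const TRUSTED_HOSTS = new Set(["accounts.google.com"]);

function classifyAddress(address) {
  let url;
  try {
    url = new URL(String(address).trim());
  } catch (err) {
    return { verdict: "unparseable", detail: "not an absolute URL" };
  }

  // Anything other than https: (data:, http:, file: ...) is not a secure page
  // served by the provider, whatever text follows the scheme.
  if (url.protocol !== "https:") {
    const text = String(address).toLowerCase();
    // A trusted name that appears in the text but is NOT the parsed host
    // is only decoration, as in "data:text/html,https://accounts.google.com".
    const mentioned = [...TRUSTED_HOSTS].find(
      (h) => url.hostname !== h && text.includes(h)
    );
    return mentioned
      ? { verdict: "lookalike", detail: `${url.protocol} address that only mentions ${mentioned}` }
      : { verdict: "not-https", detail: `scheme is ${url.protocol}` };
  }

  // HTTPS (and its lock icon) only says the connection is encrypted;
  // the hostname still has to be the provider's own, matched exactly.
  if (!TRUSTED_HOSTS.has(url.hostname)) {
    return { verdict: "untrusted-host", detail: `host is ${url.hostname}` };
  }
  return { verdict: "ok", detail: `https on ${url.hostname}` };
}

// Constructed sample addresses (not captured from a real campaign).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "https://login.example.test/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
];

for (const s of SAMPLES) {
  const { verdict, detail } = classifyAddress(s);
  console.log(`${verdict.padEnd(15)} ${s}  (${detail})`);
}
```
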

Another thing that you can do is add two-step authentication, which is an extra layer of security. Ultimately, it will help to lower the odds that your account will be compromised. You might also want to consider a security token. If you don’t use two-step authentication with every account that offers it (Facebook, Twitter, iCloud, etc.), you’re a bit foolish, my friend.

Google is aware of the issue, and they are working on improving security for their users. In the meantime, remain vigilant as you browse.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.

News Media Interview Contact
Name: Robert Siciliano
Title: Cyber Security Expert Speaker
Group: Cyber Security Expert Speaker
Dateline: Boston, MA United States
Direct Phone: (617)329-1182