There is a pretty effective phishing scam that has been going around for the last little while, and it primarily targets Gmail users. The advice in this blog post, however, applies to basically any of the Internet tools we use, including Facebook, Twitter, and MySpace (just kidding).
In case you don’t know, phishing is a way for nefarious characters (people up to bad things) to trick you into handing over your password, and with it access to and control of your email or other Internet account, without you realizing it. Once they have that access, they can send out more scammy-spammy phishing emails under your name.
In the phishing scam I have recently heard about, you receive an email from somebody in your contact list. It is a totally normal-looking email from someone you know, and it carries an attachment, typically a picture or something that looks like a PDF.
As Gmail normally does, it shows the attachment as a small thumbnail image in the bottom left corner of the email. When you hover over a real attachment, you can choose to download it, view it, or save it to Google Drive. The key to this phishing scam is that the thumbnail looks absolutely realistic, even though clicking it does not open a preview the way a real attachment would.
Because the thumbnail looks VERY legit, you click on it. What happens next is that a new tab opens with a page saying that, in order to view the photo, you need to log into your Google account.
This is where the problems begin. If you do as the new page suggests and type in your password a second time, you have just handed it to the attacker, and your account is compromised virtually immediately. Or, as we say, you’ve been hacked.
As a rule of thumb, whenever you see a screen asking you to log into a tool like Gmail or Facebook when you are already logged in, that is typically when bad things begin to happen.
With the phishing scam that’s going around Gmail right now, the account is often compromised within minutes. Once it is, the attackers can send out more phishing emails from your account to everyone in your contact list, and because those emails come from a real contact, the next victims are just as likely to click.
The best way to protect yourself from these sorts of scams is to remember that if you were already logged into your account, whether it’s your Google account, your Facebook account, or your MySpace account, it is extremely unlikely that you need to log in again.
Another thing to keep in mind is the address bar at the top of the page. For the real Google sign-in page, the address starts with “https://accounts.google.com/” and your browser shows a padlock next to it (older versions of Chrome also coloured the “https” green; the exact colours and icons vary by browser and version, so the address itself is the reliable thing to read). And, just in case you didn’t know, the “s” at the end of “https” stands for “secure”: the connection is encrypted and the browser has checked that it is really talking to the site named in the address. Note that the padlock only tells you the connection is secure, not that the site is honest. A scammer can set up an https page too, so the host name matters as much as the lock.
If the page was sent out by some nefarious character, the “http” text may be in plain black with no padlock, meaning there is no secure connection at all. Or, worst case, it is red, meaning the browser has found something wrong with the site’s certificate.
Red means stop.
Another thing you might notice is that on the second screen, the scam-phishing screen, the web address (the URL) is preceded by the prefix “data:text/html,”. That is NEVER the case with the authentic Google login page. A “data:” address means the browser is not fetching a page from any website at all: the whole fake login form is embedded inside the address itself, and the “https://accounts.google.com” you see after the prefix is just text the scammer put there to fool you.
These are all pretty small things that you have to be aware of. But that is how you protect yourself online: pay attention to the details!
So, in conclusion, there are three things you can do to prevent your email account from getting hacked:
- Don’t log into your account if you are already logged into it.
- If you see red or black text, or no padlock, in the address bar, stop and check; ask yourself whether this seems safe.
- If you see odd-looking text in front of the “https://” (such as “data:text/html,”) or between the “https://” and “accounts.google.com”, pause and double-check. It may be a phishing scam.
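To make the address-bar checks above concrete, here is a small added example (my own illustration, not code from the original post or from Google) that takes the text you would read in the address bar and reports why it should or should not be trusted as the Google sign-in page. It assumes the genuine sign-in page is served from accounts.google.com; the sample addresses in the block are constructed for the demonstration, and the whitespace padding in the data: sample is shortened.

```javascript
// Added example: apply the address-bar checklist to a string and explain
// the verdict. Assumption: the genuine sign-in page lives on
// accounts.google.com. Sample addresses are constructed for the demo.

const TRUSTED_LOGIN_HOSTS = new Set(["accounts.google.com"]);

function checkAddressBar(addressBarText) {
  const reasons = [];
  // The scam padded its real payload with whitespace so it scrolled out of
  // view; trimming means we judge what is actually there, not what is visible.
  const text = addressBarText.trim();

  // Check 3: a "data:" prefix means the browser is not fetching a page from
  // any website. The fake login form is inside the address itself, and any
  // "https://accounts.google.com" after the comma is just decoration.
  if (/^data:/i.test(text)) {
    reasons.push('address starts with "data:" - the real sign-in page is never a data: URL');
    return { safe: false, reasons };
  }

  let url;
  try {
    url = new URL(text);
  } catch (err) {
    return { safe: false, reasons: ["address is not a valid URL"] };
  }

  // Check 2: plain "http" with no padlock means no secure connection at all.
  if (url.protocol !== "https:") {
    reasons.push(`scheme is "${url.protocol}" rather than "https:"`);
  }

  // "user@host" trick: everything before the @ is a username, not the site.
  // Scammers use it so "accounts.google.com" still appears in the address.
  if (url.username || url.password) {
    reasons.push(`"${url.username}" before the @ is a username; the real host is "${url.hostname}"`);
  }

  // The host name is what matters: a padlock on a look-alike host is still
  // a look-alike host.
  if (!TRUSTED_LOGIN_HOSTS.has(url.hostname)) {
    const lookAlike = url.hostname.includes("google") ? " (look-alike of a Google host)" : "";
    reasons.push(`host is "${url.hostname}", not accounts.google.com${lookAlike}`);
  }

  return { safe: reasons.length === 0, reasons };
}

// Constructed samples. The second has the shape of the data: URL used in the
// Gmail scam: "data:text/html," then a decoy address, padding, then the page.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail                    <script>/* fake form */</script>",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login-verify.example/ServiceLogin",
  "https://accounts.google.com@login-verify.example/ServiceLogin",
];

function runSamples() {
  return SAMPLES.map((s) => ({ address: s.slice(0, 60), ...checkAddressBar(s) }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of runSamples()) {
    console.log(r.safe ? "OK     " : "UNSAFE ", r.address, r.reasons);
  }
}
```

Only the first sample passes; the other four are each rejected for the reason the checklist gives, and the `user@host` case shows why the host name has to be read from right to left, after any “@”.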
Paying attention to the details is the best protection against getting hacked. And if you do slip up one day, having two-step verification turned on for your Google account means a stolen password alone is not enough to get in.