An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
There has been a phishing attack that has been tricking many people into giving out the credentials for their Gmail accounts. Some of you may have heard about it in the news but not understood how it works. This post is designed to help you understand the attack, along with steps for remediation and for protecting yourself.
What is Phishing?
Phishing is the act of attempting to obtain information or resources such as financial information, money, or passwords through fraudulent emails purporting to be from legitimate sources like a bank, coworker, or friend. Many phishing schemes try to get you to visit a fake website where you submit information for what seems to be a legitimate purpose. Others try to get you to wire money to the attacker's account.
Description of Gmail Phishing Scam
You may receive a message in your email from someone you know with a subject line that seems relevant to a discussion you may have had. There will also be what appears to be an attachment in the email, which is actually an embedded image. Once you've clicked on the "attachment", you will see what appears to be the Google logon page. However, if you look at the address bar, you will notice that the URL begins with "data:text/html". There is also another red flag: if you look at the entire URL, you will notice a large amount of whitespace. No valid website will ever have either of these two things. In Google Chrome, you should see a green lock on the left side of the address bar indicating that you're on a secure website, and if you click in the address bar to see the entire URL, you will never see whitespace in a legitimate one.
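The two red flags described above can be checked mechanically. The following is an added example (not code from the original post) of a URL check a defender might put in a browser extension or mail-gateway filter; the whitespace-run threshold, the `accounts.google.com` bait check, and the sample URLs are all constructed assumptions.

```javascript
// Added example: flag an address-bar URL that shows the two warning signs
// from the post: a "data:text/html" scheme in place of https, and a long
// run of whitespace used to push the real page content out of view.

const WHITESPACE_RUN_THRESHOLD = 20; // assumption: no legitimate URL has a run this long

function assessAddressBarUrl(url) {
  const raw = url.trim();
  // Decode %20 etc. so percent-encoded padding is caught as well as literal spaces.
  let decoded = raw;
  try { decoded = decodeURIComponent(raw); } catch (e) { /* keep raw text on bad escapes */ }

  const schemeMatch = /^([a-z][a-z0-9+.-]*):/i.exec(decoded);
  const scheme = schemeMatch ? schemeMatch[1].toLowerCase() : null;
  const isDataUrl = scheme === 'data';
  const isHtmlData = isDataUrl && /^data:\s*text\/html/i.test(decoded);

  // Longest run of whitespace anywhere in the URL (0 when there is none).
  const runs = (decoded.match(/\s+/g) || []).map(s => s.length);
  const longestWhitespaceRun = Math.max(0, ...runs);
  const hasWhitespacePadding = longestWhitespaceRun >= WHITESPACE_RUN_THRESHOLD;

  // Assumption: a data: URL that quotes the real Google login hostname is using it as bait.
  const impersonatesLogin = isDataUrl && /accounts\.google\.com/i.test(decoded);

  const reasons = [];
  if (isHtmlData) reasons.push('data:text/html document instead of an https page');
  else if (isDataUrl) reasons.push('data: URL instead of an https page');
  if (hasWhitespacePadding) reasons.push(`whitespace run of ${longestWhitespaceRun} characters hides the rest of the URL`);
  if (impersonatesLogin) reasons.push('data: URL quotes the Google login hostname as bait');

  return {
    scheme, isDataUrl, isHtmlData, longestWhitespaceRun, hasWhitespacePadding,
    impersonatesLogin, verdict: reasons.length ? 'suspicious' : 'ok', reasons,
  };
}

// Constructed sample inputs (not taken from a real message).
const LEGIT_LOGIN = 'https://accounts.google.com/ServiceLogin?service=mail';
const FAKE_LOGIN = 'data:text/html,https://accounts.google.com/ServiceLogin?service=mail'
  + ' '.repeat(200) + '<p>constructed placeholder for the hidden remainder</p>';

for (const u of [LEGIT_LOGIN, FAKE_LOGIN]) {
  const r = assessAddressBarUrl(u);
  console.log(r.verdict, r.reasons.join('; '));
}
```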
What should I do if I receive one of these emails?
If you know the sender personally, contact them by some means other than email to let them know that their account has been compromised. Let them know to immediately change their password and to consider utilizing two-factor authentication. You could even share this article with them.
What if I click an email and get to the page?
Immediately close the page and do NOT enter your login credentials. As long as you have not entered them, your account is safe. If you have submitted your username and password, see the instructions under "What if my account has been compromised?"
How can I protect myself?
There are multiple ways to protect yourself from this phishing attack. One is to pay attention to the details of any email you receive (the sender, subject, attachments, and links). Another is to use Google's 2-step verification feature. A further protection is to use a unique password for each online account.
How can I check if my account may have been compromised?
Gmail offers a feature for checking login activity. To use it, scroll to the bottom of your inbox and click "Details" (a very small link in the far lower right-hand corner of the screen). This shows all currently active sessions as well as your recent login history. If you see active sessions from unknown sources, you can force them closed. If you see any logins in your history from places you don't recognize, your account may have been compromised.
What if my account has been compromised?
Immediately change your password, and consider setting up two-step verification on your account (https://support.google.com/accounts/answer/185839?hl=en). Also, take this as a reminder that your accounts should have unique passwords: if the password you gave up is also used in multiple places, the chances of other accounts with the same password being compromised rise exponentially. Check your sent mail for emails that you did not send. If you see messages resembling what has been described, immediately contact the recipients and let them know what happened.