Protecting yourself from the Gmail Phishing Attack

An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
A phishing attack has been tricking many people into giving up the credentials for their Gmail accounts. Some of you may have heard about it in the news but not understood it. This post is designed to help you understand the attack, the steps for remediation, and how to protect yourself.

What is Phishing?
Phishing is the act of attempting to obtain information or resources such as financial information, money, or passwords through fraudulent emails purporting to be from legitimate sources like a bank, coworker, or friend. Many phishing schemes try to get you to go to a fake website where you submit information for what seems to be a legitimate purpose. Others may try to get you to wire money to their account.

Description of Gmail Phishing Scam
You may receive a message in your email from someone you know, with a subject line that seems relevant to a discussion you may have had. The email will also contain what appears to be an attachment, which is actually an embedded image. Once you've clicked on the “attachment”, you may find yourself looking at what appears to be the Google logon page. However, if you look at the address bar, you may notice that the URL has “data:text/html” at the beginning. There is also another red flag: if you look at the entire URL, you will notice a large amount of whitespace. No valid website will ever have either of these two things. In Google Chrome, you should see a green lock on the left side of the address bar, alerting you that you're on a secure website, and if you click in the address bar to see the entire URL, you will never see whitespace in it.
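The two address-bar checks described above, written as a small JavaScript function. This is an added example, not part of the original article; the function names, the whitespace threshold and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: checks an address-bar string for the red flags in the article.
const WHITESPACE_RUN = 10; // assumed threshold for "a large amount of whitespace"

// Percent-decode so that %20 padding is counted too; keep the raw text if malformed.
function decodeSafely(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

function longestWhitespaceRun(s) {
  let best = 0;
  for (const m of s.matchAll(/\s+/g)) best = Math.max(best, m[0].length);
  return best;
}

function inspectAddress(raw) {
  const findings = [];
  const url = raw.trim();
  const m = url.match(/^([a-z][a-z0-9+.-]*):/i);
  const scheme = m ? m[1].toLowerCase() : null;

  if (scheme === "data") {
    // data:<media type>[;base64],<content> -- the page itself is inside the URL
    const mediaType = url.slice(5).split(/[;,]/)[0].trim().toLowerCase();
    findings.push(mediaType === "text/html" ? "data-uri-html" : "data-uri");
  } else if (scheme !== "https") {
    findings.push("not-https"); // no lock icon would be shown
  }
  if (longestWhitespaceRun(decodeSafely(url)) >= WHITESPACE_RUN) {
    findings.push("whitespace-padding");
  }
  return { scheme, findings, suspicious: findings.length > 0 };
}

// Constructed sample inputs (placeholders, not real pages).
const SAMPLES = [
  "https://mail.example.com/login",
  "data:text/html,PLACEHOLDER-TEXT" + " ".repeat(200) + "PLACEHOLDER-REST",
  "http://mail.example.com/" + "%20".repeat(12) + "x",
];
for (const s of SAMPLES) {
  const r = inspectAddress(s);
  console.log(r.suspicious ? "SUSPICIOUS" : "ok", r.findings.join(","), s.slice(0, 40));
}
```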
 
FAQs
What should I do if I receive one of these emails?
If you know the sender personally, contact them by some means other than email to let them know that their account has been compromised. Tell them to change their password immediately and to consider using two-factor authentication. You could even share this article with them.

What if I click an email and get to the page?
Please close the page immediately and do NOT enter your login credentials. As long as you have not entered them, your account is safe. If you have submitted your username and password, please see the instructions for “What if my account has been compromised?”

How can I protect myself?
There are multiple ways we can protect ourselves from this phishing attack. One way is to pay attention to the details of any email that you might receive (things like sender, subject, attachments, and links). Another method is utilizing Google’s 2-step verification feature. An additional protection that could be taken is to use unique passwords for each online account.

How can I check if my account may have been compromised?
Gmail offers a feature where you can check login activity. To use this feature, scroll to the bottom of your inbox and click “Details” (very small, in the far lower right-hand corner of the screen). This will show you all currently active sessions as well as your recent login history. If you see active logins from unknown sources, you can force them closed. If you see any logins in your history from places you don’t know, your account may have been compromised.

What if my account has been compromised?
Immediately change your password, and consider setting up two-step verification on your account (https://support.google.com/accounts/answer/185839?hl=en). Also, please take this as a reminder that your accounts should have unique passwords. When you give up a password that is used in multiple places, the chances of other accounts with the same password being compromised rise exponentially. Check your sent mail for emails that you did not send. If you see messages looking similar to what has been described, immediately contact the recipients and let them know what happened.
 
 
Author:masnrock