A new, sophisticated phishing scam has been stealing users' Gmail passwords. Like all phishing scams, it works by convincing users to enter their login credentials into a fake, but realistic, Google login page.
While the specific technique is new and more advanced, the take-home message is the same as it has always been: be vigilant and aware of your digital surroundings.
How you can protect yourself
Look at the URL: Although the website looked like the real Google sign-in page, the URL did not. Instead of starting with a normal “https://”, it started with “data:text/html.” People who noticed that did not hand over their information.
Two-factor Authentication: Setting up two-factor authentication is one of the best actions you can take to secure your accounts. This requires you to confirm your identity in a second way in addition to your password, often a text message to your cell phone.
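The URL check described above, written out as an added example (it is not part of the original article): a JavaScript function that treats a login page as trustworthy only when the address starts with https: and the host is exactly the expected one. The function name, the host allowlist and the sample addresses are assumptions constructed for illustration, and the host comparison goes one step beyond the scheme check the article describes.

```javascript
// Added example. The allowlist is an assumption; list the login hosts you actually use.
const TRUSTED_LOGIN_HOSTS = new Set(["accounts.google.com"]);

// Decide whether the text shown in the address bar belongs to an expected login page.
function checkLoginUrl(addressBarText) {
  let url;
  try {
    // The WHATWG URL parser normalises case and splits scheme, userinfo and host.
    url = new URL(addressBarText.trim());
  } catch {
    return { trusted: false, reason: "not a parseable absolute URL" };
  }
  // The scheme is whatever comes before the first colon. A data: address has no
  // host at all, even when the text after it contains a real-looking https link.
  if (url.protocol !== "https:") {
    return { trusted: false, reason: `scheme is ${url.protocol} instead of https:` };
  }
  // Text before an "@" is userinfo, not the site being contacted.
  if (url.username || url.password) {
    return { trusted: false, reason: "userinfo present before the host" };
  }
  // Exact match only: a trusted name used as a prefix of a longer host does not count.
  if (!TRUSTED_LOGIN_HOSTS.has(url.hostname)) {
    return { trusted: false, reason: `unexpected host ${url.hostname}` };
  }
  return { trusted: true, reason: "https scheme and expected host" };
}

// Constructed sample addresses (not taken from any real campaign).
const SAMPLES = [
  "https://accounts.google.com/signin",
  "data:text/html,https://accounts.google.com/signin",
  "http://accounts.google.com/signin",
  "https://accounts.google.com.login.example/signin",
  "https://accounts.google.com@login.example/signin",
];

for (const sample of SAMPLES) {
  const verdict = checkLoginUrl(sample);
  console.log(`${verdict.trusted ? "OK    " : "REJECT"} ${sample} (${verdict.reason})`);
}
```

Only the first sample is accepted; the second is the case from the article, where the page content looks right but the scheme is data: rather than https:.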
Ease of use and comfort around your computer system are values that should not be minimized. The same is true of your home. In both cases, however, if someone asks you to unlock your door, you better know who they are and why they are asking. If you are not sure, ask yourself how badly you need to see whatever it is that is being sent. Are those cute cat pictures really worth compromising your machine?
Here are some of the most common ways people get hacked:
- Opening infected attachments in email (aka trying to open cute cat pictures)
- Phishing scams that collect login information (aka trying to download cute cat pictures)
- Getting infected from a malicious website (aka surfing the web for cute cat pictures)
- Using open/unsecured wifi (aka surfing the web for cute cat pictures or anything else while using the internet at a coffee shop)
- Bad passwords (really nothing at all to do with cute cat pictures)
I once received an automated call saying that there had been suspicious activity on my credit card and that I should call a certain number to discuss. I checked my card, and the 800 number on the back did not match the number from the call. I called the number on the back of my card and confirmed that the call had been legitimate and there were fraudulent charges. What I asked my credit card company, and what I want you to think about, is how could I know that the original call was not a scam? They had no answer, and were basically training their customers to be foolish. Never call a number given to you that way that you cannot verify. Never click a link in an email to log in to one of your accounts. Be vigilant, be aware. Our online lives are becoming almost as important as our offline lives. Don’t just let anyone into your home.