Friday, January 20, 2017

Protect Yourself from Gmail Phishing - Your Info is VERY Valuable

What is Phishing?
Phishing is the practice of sending emails, that look like they are from a reputable company or person, in order to get the recipient to reveal personal information like usernames, passwords, or credit card informations.  This is why you always here people caution against clicking on a link in an email if it "doesn't look right".

How does the New Gmail Phishing Scheme Work?
Recently, we learned about a new phishing scheme making the rounds.  This new one is very tricky because, unless you know what to look for, everything seems normal.  The way the new attack works, is the hackers will send you an email to your Gmail account.  That email will look like it is coming from someone you know (this person has probably had their account hacked using this same technique).  It may also include something that looks like an image of an attachment you recognize from the sender - for example, a google doc they would share with you.  When you click on the image, instead of getting a preview of the attachment like you would expect, a new tab will open and you will be asked to sign into Gmail again.  The kickers is, it isn't really the Gmail login page - it is a spoof page.  It looks EXACTLY like the login page you would expect, so you go ahead and sign in.  The minute you do, the hackers have your username and password and access to everything in your google account.  They can download all your info in seconds.

How can I Protect Myself?
So, how can you protect yourself?  The best way is to look at the URL/Address bar.  When logging into Google, make sure there is nothing at the beginning of the address bar, other than http:// or https://.  It should look like this:



It should not look like the address bar below.  Here is a sample of what a phishing address may look like:

Notice the data://text/html before the https://?  That clues you in that the website isn't legit.

Another really good idea is to sign up for 2-step verification, otherwise known as two factor authentication.  Google provides an excellent resource to help you get this set up.

I think I've been Hacked?
If you think your PPS account has been hacked, please change your password and contact the PPS help desk immediately (help@portageps.org or x5102)

Read the original article to learn more on the Wordfence Blog.