Many phishing scams are easy to spot, but hackers are getting better at disguising threats online. One of the latest scams is gaining momentum and is even tricking tech-savvy, experienced users. Here's how to avoid Gmail scams.
Latest Gmail Phishing scam
One of the latest scams does a very good job of making you think the login page for Gmail is the real deal, when in fact it's not. It seems this phishing attack is so good that even tech-savvy, experienced users are falling for it, explains Mark Maunder, CEO of WordPress security plugin Wordfence.
This particular attack involves an email that may look like it's from one of your contacts, most likely because their account has been hacked. The attackers will use a normal-looking subject line, maybe one that contact has already used.
The key element is an attachment that looks perfectly normal. When opened, a new tab appears with a legitimate-looking Gmail login page; the idea is that you think you need to sign in to view the attachment. If you do enter your email address and password, you're effectively handing them straight over to the hackers.
How to avoid Gmail scams
There are many scams like the one outlined above trying to trick you, and it's not restricted to just Gmail. Luckily there are various things you can do to avoid scams like this.
First, take time to think about whether the email seems legitimate. Check the sender's email address and whether it's the kind of email they would actually be sending you.
In the case above, all of this might seem perfectly normal. So if you do click on a link only to find a sign-in page, there are other things you can check. Read the URL (web address) in the top bar for starters. It should read 'accounts.google.com/ServiceLogin?', but in the scam the address starts with 'data:text/html…', which is a red flag.
When visiting any website, you can also check that it's secure by looking for a padlock symbol (which might be green) and the 'https:' prefix, also in green, at the beginning of the web address.
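As an added example (not part of the original article or of Google's own tooling), the two address-bar checks above written out as a small script: it flags a 'data:text/html' address, a missing 'https:' and a host that is not exactly accounts.google.com. The legitimate host name and the sample addresses are my assumptions, constructed to mirror the article's description.

```javascript
// Added example: classify what the browser's address bar shows before a
// password is typed into a page claiming to be the Gmail sign-in.
// Assumption (mine, not the article's): the only legitimate sign-in host
// is accounts.google.com, reached over https.
const LEGIT_HOST = "accounts.google.com";

function checkSignInAddress(address) {
  let url;
  try {
    url = new URL(address.trim());
  } catch (e) {
    return { ok: false, reason: "not a parseable URL" };
  }
  // The scam described above puts "data:text/html" in front of the fake
  // page: the whole login form lives inside the address itself, so there
  // is no real host and no padlock.
  if (url.protocol === "data:") {
    return { ok: false, reason: "data: URL, page is embedded in the address bar" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Compare the full host name, not a substring: a name that merely
  // contains accounts.google.com is a different site.
  if (url.hostname.toLowerCase() !== LEGIT_HOST) {
    return { ok: false, reason: `unexpected host ${url.hostname}` };
  }
  return { ok: true, reason: "scheme and host match the real Google sign-in page" };
}

// Constructed sample addresses modelled on the article's description.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "https://accounts.google.com.example.net/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
];

for (const s of SAMPLES) {
  const r = checkSignInAddress(s);
  console.log(`${r.ok ? "OK     " : "SUSPECT"} ${s} (${r.reason})`);
}
```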
Even better is enabling two-factor authentication for your Gmail account (and others that support it). This means that even if you do get fooled, the hacker won't be able to log into your account with just your email and password.
Google said: "We advise people to be careful anytime you receive a message from a site asking for personal information. If you get this type of message, don’t provide the information requested without confirming that the site is legitimate. If possible, open the site in another window instead of clicking the link in your email. You can report suspicious messages directly to us. Google will never send unsolicited messages asking for your password or other personal information."
What to do if your Gmail is hacked and compromised
If you think your account has been hacked then the first thing you should do is log in via the real site and change your password. See our guide on how to change your Gmail password.
It's sometimes very difficult to know for sure, but you can try checking your login history for anything unusual. Even if you can't find any anomalies, it's best to change your password if you're suspicious.
Google said: "We’re aware of this issue and continue to strengthen our defences against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection."