Articles
Pages
Products
Research Papers
Blogs
Search Engines
Events
Webinar, Seminar, Live Classes
Wednesday, 25 January 2017 23:16

This Gmail hack tricks your password out of you

By: 

This particular email to your Gmail account may look as if it comes from someone you know.

You might recognize the subject line too as it's from a previous conversation. But beware the image of an attachment in the email. It contains malicious software code designed to get your to turn over your login and password.

It's a new way that computer scammers are going after Gmail accounts, a technique that software company Wordfence calls "highly effective." Wordfence, which develops software to protect WordPress blogs from hackers, recently sounded an alarm about the new hack.

"The idea was to get the word out as widely as possible," said Mark Maunder, Wordfence's founder and chief executive officer.

Press on Your Side thinks it's pretty important too.

Compromised email can lead to all sorts of problems. For instance, a hacker with access to your email box can reset your password for other accounts, such as Twitter or Facebook, and cause havoc. Your email inbox may contain important personal and financial information too.

"The email inbox is kind of like the crown jewels," Maunder said.

PRESS ON YOUR SIDE: Passwords drive you nuts? 7 tips make you sane

PRESS ON YOUR SIDE: Email from boss might be identity fraud scam

How it works

According to Maunder, here's how the email scam works:

You will receive an email from someone you know, someone whose account already was hacked. The subject line could be from a previous conversation.

An attachment, with a description that you may recognize, will appear as an image at the bottom of the email. After you click on it, a new browser tab opens with a form to log in to see what the attachment is.

"You're in a rush and you think you've been signed out and you will go ahead and sign in again," Maunder said. "At that point, the hackers have your email address and your password and they have to access to your account."

Once in, the hacker sends emails to all of your contacts to perpetuate the hack.

What happened? Instead of taking you to a fake website, as many email phishing hacks do, clicking on the image of an attachment sent computer code which opened up a new browser tab and presented you with a fake sign-on, Maunder said.

PRESS ON YOUR SIDE: Hackers hit IRS with stolen Social Security digits

PRESS ON YOUR SIDE: Tax time means identity theft time

What to do

So how do you protect yourself?

  • Take a look at the website address. It should start with "https://" on the far left, Maunder said.  The hack starts with "data:text" instead. The website address, or host name, should be "accounts.google.com."
  • Enable two-factor authentication. Once you turn it on, Google will require a second bit of information, such as a code sent to your cellphone in a text, to log in. Even if a hacker has your password, you have a second layer of protection. 

In a comment to Wordfence, Google said they were "aware of this issue and continue to strengthen our defenses against it.

"We help protect users from phishing attacks in a variety of ways, including machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more," the statement said. "Users can also activate two-step verification for additional account protection.”

Source : http://www.app.com/story/news/local/new-jersey/2017/01/24/gmail-hack/96989694/

Leave a comment

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait
online research banner

airs logo

AIRS is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Subscribe to AIRS Newsletter

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media