Protect Yourself Against Gmail Phishing Attacks
When the White House and the FBI get involved in hack attacks, you know it’s a big deal.
Google announced earlier this week that cybercriminals from China were using what seemed to be phishing attacks to hack Gmail accounts, including those of government authorities. With this news comes the revelation that Hotmail and Yahoo! e-mail accounts have also been the target of spear phishing attacks.
What can you do to protect your small business?
First, understand what a phishing attack is. According to Wikipedia, phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake Web site whose look and feel are almost identical to the legitimate one.
“Phishing attacks range from the incredibly obvious to the believable and well crafted. There will always be those that cause a person to second guess themselves, which is exactly what they need to do,” says Fred Touchette, a senior security analyst at AppRiver. “We have seen more and more directed spear phishing attacks against individuals and/or specific companies over the past few years. This is troubling news because they are usually harder to notice due to their customization, but in no way will this affect the cast net style approach of phishing.”
When it comes to Internet security, a little common sense can go a long way. Here are Touchette’s top four tips for protecting your small business from a phishing attack.
Avoid opening e-mails or attachments from unsolicited sources.
When clicking on links, pay attention to where they’re actually taking you. In this recent attack the emails appeared to come from sources known to the victims, which can certainly add to the obfuscation. The telltale sign to note here was the fact that it took them back to a Gmail login screen after they were already in their account; that’s never a good sign.
If there’s ever any question, close the browser, open a new one and go directly to the site. The fake log-in screen in these attacks also had multiple flaws that should have clued the victims to the fact that something was amiss as well. Oftentimes I see the attackers using outdated Web pages in these situations.
Overall, remain cautious and use safe email and browsing habits consistently to avoid becoming aloof.