Gmail user? Beware recent phishing emails!

The phishy email

If you use Gmail and receive an email that looks like it has a Google document attached to it – beware! Don’t immediately click what appears to be the Google document as it may be a link that takes what appears to be a Google login form but is actually collecting your Google login details to send to criminals.

How can you tell?

The attachment is actually an image, and hovering over it will show the website where you’ll end up if you click on it. It won’t be the Google login website.

If you do end up visiting the website you’ll be presented with a login form that looks identical to the Google login form. If you do enter your Google login details then the criminals have now got access to your Google account – Gmail, Google Drive, Google Talk, etc. The standard activity by the criminals appears to be to send a similar phishing email out to your contacts, leveraging their trust of your relationship to gain access to their accounts. You might also find an inbox rule set up to send any incoming emails straight to the bin (trash) in an attempt to hide emails from your contacts telling you that you’ve been “hacked”. Other inbox rules might be set up to forward all emails to another account under the control of the criminals.

What to do?

Change your Google password right away! To be more secure and prevent this type of problem you can set up 2-factor authentication. If you set up 2-factor authentication then you need to enter a single-use code that’s sent to your phone as well as your username and password in order to log in.

Also contact your contacts that received the phishing email from you and warn them not to click the document that was sent from your account. It might be embarrassing but at least it shows you’re aware of the problem and are being pro-active in dealing with the problem.
Prevention?

A bit of common sense always helps. Were you expecting a randomly named document from that person? No? So don’t click the link! Many anti-virus products will block the website that you are initially directed to, but the website will change frequently so you can’t rely on the anti-virus software to protect you.