Hackers routinely use phishing as a method of acquiring sensitive information from unsuspecting victims. This information is then either sold or used to commit identity theft. There is a particularly dangerous phishing attempt currently targeting Gmail accounts. More and more businesses are using Gmail accounts for their professional email, making it extremely important to be aware of threats like this. Equip yourself using the following guide so you are not fooled by this very sophisticated phishing attempt.

Understanding This Gmail Hack

A typical phishing attempt involves an email that appears to be from a legitimate source such as a bank or a government office. The look and feel of the institution’s website is mimicked and the user is prompted to enter sensitive information. The hacker is hoping the user will not notice subtle differences in the logo, etc. because of the trust he or she has in the institution. Once the user has entered the information, the hacker keeps it and uses it for their own nefarious purposes such as identity theft or fraud.

In this particular phishing attempt, you will receive an email with an an attachment from one of your contacts(whose account has most likely also been hacked). It will have a plausible subject and attachment name. If you weren’t aware, it is so well done you very likely would open it and open the attachment as well. Even extremely tech-savvy individuals are falling for it. When you open the attachment, it prompts you to login to your Gmail account again. Once you do, the hackers then have access to anything in your email account and begin looking for other contacts to target.

How to Prevent it From Happening to You

The short answer is, pay attention to the url. The normal Gmail login url looks something like this:

https://accounts.google.com/ServiceLogin?
When you click on the attachment and it prompts you to login to your Gmail account, the url will look something like this:

data:text/html,https://accounts.google.com/ServiceLogin?
Very close and very easy to overlook when you are busy. Here are some things to keep in mind:

1. Always proceed with caution when opening attachments from any emails. If it feels at all suspicious, ask your contact if they, in fact, sent the email in question.
2. Always check the url before entering login credentials. If it begins with “data:text/html,” or anything else unusual, don’t enter them.
3. Also check that the url has been verified. Some browsers will have a padlock in front of the url or the “https://” will be green.
4. Scroll far to the right in the address bar. This phishing attempt will have many blank spaces you can’t see at first followed by the name of the file that will open in a new tab if you enter your login info.
5. You can also activate Gmail’s two-factor authentication feature for logins. It will require you to verify an additional piece of information after entering your username and password.
6. It may also be a good time check your business security. Enstep will perform a FREE security assessment for your business which includes a comprehensive security report.

Be Smart. Be Secure.

Being aware of the latest hacking techniques and using safe practices on the internet are the best ways to prevent anything from happening to you. Use this guide to make sure you and your employees don’t get fooled by the Gmail hack that is making its rounds now. For your FREE business security assessment and report, Contact Us today.