No not “fishing” the leisurely activity with a hook and pole. Unfortunately, “phishing” isn’t nearly as relaxing or enjoyable. So, what is phishing? An email that is fake and designed to steal information about you, such as usernames and passwords.
When you click on a link in a “phishing” email, it takes you to a website that is hacker territory. This fake page is often made to look like something you are familiar with, say the login for Wells Fargo, Chase Manhattan Bank or Google Drive. But, it is a copy of the page.
The danger arises when you fill in the blanks on the fake page. If it contains a place for you to put your Username and Password, that data goes to the bad guys.
Email phishing scams are nothing new. What’s different is how tricky the emails are becoming, and the numbers of people sucked into clicking on them. The latest Gmail phishing scam is so sophisticated that even the “experts” are getting fooled.
In the latest Gmail Phishing hack, the email comes from someone you know and the subject line may have been used before, so it looks familiar. The attachment is a picture of an attachment that contains a link, and it asks you to “log in” to access the attachment. The login screen URL is not green at the top with a padlock and a “https://” address, but instead, contains a “data:text/html,https://accounts.google.com/ServiceLogin?” address.
So, how do you know if an email is a phishing scam? There are obvious clues that an email might be a phishing scam, as well as some not so obvious ones. The best advice I can give is to keep yourself educated on how to recognize fake email.
Below is a photo of an email sent to me at my law office. It is from a law firm my partner has dealt with, but not me. Here are some clues that this isn’t a legit email.
The image below shows how a real Google doc attachment appears.
If it looks strange, delete the email! For every login page, verify the presence of the green padlock and “https” in the address.
I can’t emphasize enough the need to create complex passwords. A password comprised of letters and numbers that make up a word in the English language won’t cut it.
If you suspect a friend’s account has been hacked, do not email them. Call or text them to advise or ask if they know what they just sent to you. Then make sure you mark spam in your email as spam (don’t just delete it).
A newly discovered browser weakness comes through an email—and the result is that the bad guys get access to information stored in Autofill in your Chrome, Opera, or Safari browsers or, those using the LastPass browser autofill extension.
It starts with an email that says “click here” to buy something, and you fall for it. The best protection is to turn off the Autofill features of your browsers. It will 100% prevent the access to your data from this type of email. If you are very careful with your email and astute at recognizing threats, you can keep using Autofill features.
Here are step-by-step instructions for turning off autofill on your computers and phones.
Chrome autofill access:
• Preferences > Settings > advanced settings > Passwords and forms
• Uncheck the boxes as shown below to turn off Autofill
Chrome autofill access on the iPhone:
Safari autofill access:
Safari autofill settings on the iPhone
Another way to protect yourself is to keep your browser up to date. An updated browser gets the security patches and improvements to ensure prevention against the latest threats.
Educate yourself on how to recognize these phishing schemes. Remember, knowledge is power.