An effective new phishing email scam targeting Gmail users is presently circulating. It starts when you receive an email that appears to be sent from the email address of one of your real friends. In fact, the email may have been sent from a friend’s email account that has been hacked and taken over in order to send out phishing emails that victims will trust because they appear to come from a trusted source. The email has an attachment, and when you click on the attachment, a sign-in page for your Gmail account appears, requiring you to type in your email address and password. Unfortunately, if you do so, you have just turned over this information to a cybercriminal, who can wreak havoc with it.
Although this particular spear phishing email scam is quite sophisticated, there are a number of simple steps you can take to avoid becoming a victim of the scam. Primarily, you should follow my rule and never click on any link or download any attachment unless you have absolutely confirmed that the communication sending the link or attachment is legitimate. Even if the email address from which the communication is sent appears legitimate, your friend’s email account may have been hacked, and a cybercriminal may be the one sending you the email.
It is also a good idea to use dual-factor authentication when possible for your email account. If you use dual-factor authentication, such as where a one-time code is sent to your smartphone each time you want to access your email, you are protected from having your email account taken over even if the cybercriminal has your username and password. Finally, it is a good idea not to store sensitive information in your email account.