Scam of the day – January 23, 2017 – Latest Gmail phishing scam

An effective new phishing email scam is presently circulating that is targeting users of Gmail.  It starts when you receive an email that appears to be sent from the email address of one of your real friends and, in fact, the email may have been sent from a friend’s email account that unfortunately has been hacked and taken over in order to send out phishing emails that victims will trust because it appears to come from a trusted source.  The email has an attachment and when you click on the attachment, a sign-in page for your Gmail account appears requiring you to type in your email address and password.  Unfortunately, if you do so, you have just turned over this information to a cybercriminal who can wreak havoc with this information.

TIPS

Although this particular spear phishing email scam is quite sophisticated, there are a number of simple steps you can take to prevent yourself from becoming a victim of the scam.  Primarily, you should follow my rule and never click on any link or download any attachment unless you have absolutely confirmed that the communication sending the link or attachment is legitimate.  Even if the email address from which the communication is sent appears legitimate, your friend’s email may have been hacked and it is a cybercriminal sending you the email.

It is also a good idea to use dual factor authentication when possible for your email account.  If you use dual factor authentication, such as where a one time code is sent to your smartphone each time you want to access your email, you are protected from having your email account taken over even if the cybercriminal has your password and username.  Finally, it is a good idea not to store sensitive information in your email account.

Scam of the day – July 18, 2015 – Ingenious text message gmail scam

It is not surprising that scam artists are the only criminals that we refer to as artists.  Some of their scams are truly ingenious.  Today’s scam starts when you receive a text message from Google with a verification code.  Immediately thereafter and before you can even respond to the first text message, you receive a second text message that states, “Google has detected unusual activity on your account.  Please reply with the verification code sent to your mobile device to stop unauthorized activity.”  Many people have been merely following those directions and promptly send the verification code they just received.  However, by doing so, the victim has just turned over his or her gmail account to a scammer who can scour the account for information to be used for identity theft purposes.

What actually went on was that a hacker with the victim’s email address and cell phone number went to login on the victim’s gmail account and clicked on the “Forgot password” link prompting a verification code to be sent to the victim’s cell phone.  Immediately thereafter the hacker sent the original message that appears above pretending that he or she is Google so when the victim responds by sending the verification code, he or she is actually sending it to the hacker who then uses it to access the victim’s gmail account.

TIPS

Never send a verification code to anyone through an email or a text message.  The only place you should use a verification code is when you login online.  If like the victim of this scam, you receive a verification code sent to you on your cell phone that you did not request, notify your email provider because that is an indication that someone is trying to hack into your account.