The Better Business Bureau is warning people about a phishing scam in which you receive an email or a text message that appears to come from Google Photo informing you that someone is sharing a photo album with you.  In order to see the photographs, you need to click on a “View Photo” link that when clicked on asks you to log into your Google account.  Unfortunately, this is a scam.  No one has sent you any photographs and if you clicked on the link and provided your username and password, you provided them to an identity thief who can then use it to access your gmail account or any other Google account as well as any other account of yours in which you may have used the same name and password.

This particular scam is even more insidious than most because the email address of the sender appears as “noreply-photos@google.com” which appears quite legitimate.  Using a URL shortening service, the scammers were able to make the scam URL appear legitimate.

TIPS

As I am always advising you, never click on any link, regardless of how legitimate it may appear unless you have confirmed that it is indeed legitimate.  The risk of being lured into providing personal information or downloading malware is too great.  In regard to this particular scam, the email does not indicate who is sending you the photos which is a red flag that it is a scam.

This scam also highlights the importance of using unique passwords for each of your online accounts so that in the event of you being scammed into providing your password or your password is compromised in a data breach, all of your accounts are not in jeopardy.   Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

You also should use dual factor authentication whenever possible to further protect yourself.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”