Remember when we talked about how those sneaky phishing attacks are becoming more common? Well, this time, it looks like Google users might be the target.
We haven’t seen this one before. While this email uses the Google logo and initially feels legitimate, it’s not. This is another example of looking at every email very closely before you click on anything.
Let me break down what this particular phishing attack is all about and share some tips on how you can steer clear of it.
I recently encountered a concerning security-related phishing attack that appears to be impersonating Google. The fraudulent email claims that the recipient’s device is infected with a virus and urges them to take immediate action. It cunningly tricks recipients into clicking on a malicious link, which supposedly leads to a solution for removing the virus from their machine. However, this link is deceptive and poses serious risks to the recipient’s online security.
You’ll notice in the screenshot below that the senders of this message are not from Google at all, which is indicated by their email addresses <firstname.lastname@example.org>.
We contacted Google regarding the matter, as it didn’t resemble any recent phishing attack we’d seen before and sought further information. Here is the response we received from a Google spokesperson:
“We urge people to proceed with caution when reading emails from someone claiming to be an authoritative resource. Unfortunately, unscrupulous people sometimes try to use the Google brand to scam and defraud others. In Gmail, our sophisticated protections will block more than 99.9% of spam, phishing, and malware, but whichever email service you use, we encourage users to follow these three best practices to help avoid becoming a victim of a scam:
The statement from Google gives some great advice, and I think it can apply to all phishing scams, whether the attacker is claiming to be from Google or not. I have a few of my own suggestions that I want you to keep in mind to further protect yourself from phishing scams:
#1 tip: Use antivirus software: This is perhaps one of the best investments you can make to protect yourself from phishing scams. Antivirus software running on your devices will stop you from clicking on malicious links or downloading files that release malware onto your device and potentially lead to your private information being stolen.
See my expert review of the best antivirus protection for your Windows, Mac, Android, and iOS devices by visiting Cyberguy.com/LockUpYourTech
Verify the sender’s email address: Check the sender’s email address carefully, as scammers often use slight variations or impersonate legitimate sources. If the email address looks suspicious or unfamiliar, do not click on any links or provide personal information.
Avoid clicking on links directly: Instead of clicking on links in emails, hover your mouse over them to see the actual URL. If the link doesn’t match the supposed source or seems unusual, refrain from clicking on it.
Be cautious with email attachments: Do not open attachments from unknown or unexpected sources, as they could contain malicious software. If you weren’t expecting the attachment or don’t know the sender, verify its legitimacy before opening it.
Enable two-factor authentication (2FA): Whenever possible, enable 2FA for your online accounts. This adds an extra layer of security by requiring a second form of verification, such as a unique code sent to your phone, in addition to your password.
Be cautious with personal information: Be wary of sharing sensitive information online, especially if it’s unsolicited or seems suspicious. Legitimate organizations rarely ask for personal details via email.
Report suspicious emails: If you receive a suspicious email claiming to be from a specific organization, report it to that organization’s official support or security team so they can take appropriate action.
Educate yourself and others: Stay informed about the latest phishing tactics and share this knowledge with friends, family, and colleagues. Awareness is a powerful tool in preventing scams.
Keep software up to date: Regularly update your operating system, web browsers, and antivirus software to ensure they are equipped to detect and prevent the latest threats. You can regularly check for these updates on your device’s settings app for software updates, and you can go to your App Store or Google Play Store (depending on the device you have) to check for updates on individual apps.
To check for software updates on your iPhone:
To check for app updates:
Settings may vary depending on your Android phone’s manufacturer
To check for software updates on your Android device:
To check for app updates:
Whenever you receive an email, use your best judgment before clicking links or opening attachments, especially if it’s from someone you don’t recognize.
Google will continue to try to protect Gmail users from these kinds of phishing attacks. Their data on this particular abuse campaign shows them blocking 99%+ of these emails.
If you do happen to see a similar email reach your inbox, please report the email as abuse (instructions here) to help their tools get even better at protecting users from these campaigns.
What more do you think should be done to protect people from these malicious phishing attacks? Let us know by writing us at Cyberguy.com/Contact.
For more of my security alerts, subscribe to my free CyberGuy Reports Newsletter by heading to Cyberguy.com/Newsletter
Copyright 2023 CyberGuy.com. All rights reserved.