COMPUBC INFORMATION TECHNOLOGY SERVICES LTD. MANAGED IT SERVICES FOR BUSINESS & RESIDENTIAL. PC & MAC.

The Google Phishing Scam: How to Protect Your Data

5/25/2017

A recent Google Phishing scam hit headlines after a number of Gmail users had their accounts compromised by a worryingly sophisticated email scam. Users were tricked into clicking an email that took the user to a real Google account selection screen, and after selecting their account, a “Google Docs” window would appear, requesting permission to read, write and access emails.
Once “Google Docs” was granted permission, the document was revealed to be published by a random Gmail account, and the holder of that account now had access to the affected account. What victims thought was “Google Docs” was in fact a malicious third-party web app, and scammers now had access to user emails, and could send more scam emails from the victim’s account.
The most worrying aspect of this phishing scam was that it worked within the existing Google login system: it bypassed two-factor authentication and was only noticeable as fake after clicking the link. The scam took advantage of the fact that fake applications named “Google Docs” can be created, and since the scam didn’t require victims to type in their passwords, the usual anti-phishing measures didn’t block it.
The scam exploited Open Authorisation (OAuth). OAuth notifies a resource provider that the resource owner grants third-party access to their information. An example of this would be Facebook (resource provider) being notified that you (resource owner) are allowing a third-party (a Facebook application) to access your information (your friend list). There are a multitude of online services that use OAuth, and it’s impossible to vet all the third-party applications that use it.
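Because the victim never types a password, the place to catch this kind of scam is the list of third-party apps that have been granted access. The sketch below is an added example, not code from Google or from this blog: it audits OAuth grant records and flags apps that use a trusted brand name on an unverified client or that hold mail or contacts access. The scope URIs are real Google scopes; the record layout, client IDs, brand list and trusted list are assumptions constructed for illustration.

```python
import unicodedata

# Real Google scope URIs that give an app mailbox or address-book access.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full mailbox access",
    "https://www.googleapis.com/auth/gmail.readonly": "read mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail",
    "https://www.googleapis.com/auth/gmail.modify": "read and change mail",
    "https://www.googleapis.com/auth/contacts": "manage contacts",
}
# Assumption: brand names your users would trust on sight.
PROTECTED_BRANDS = ("google", "gmail", "microsoft", "office 365")
# Assumption: client IDs an administrator has verified (constructed value).
TRUSTED_CLIENT_IDS = {"constructed-first-party-client"}

# Constructed sample grant records; a real export will use its own field names.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "Google Docs", "client_id": "constructed-unknown-client-1",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.com", "app_name": "Google Docs", "client_id": "constructed-first-party-client",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "carol@example.com", "app_name": "Calendar Helper", "client_id": "constructed-unknown-client-2",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"user": "dave@example.com", "app_name": "Mail Merge Tool", "client_id": "constructed-unknown-client-3",
     "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
]

def normalise(name):
    """Fold case and compatibility forms, and drop invisible format characters."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")

def audit_grant(grant):
    """Rate one grant: 'ok', 'review' (one warning sign) or 'revoke' (both)."""
    if grant["client_id"] in TRUSTED_CLIENT_IDS:
        return {"severity": "ok", "reasons": []}
    reasons = []
    if any(brand in normalise(grant["app_name"]) for brand in PROTECTED_BRANDS):
        reasons.append("brand name on an unverified client")
    access = sorted({HIGH_RISK_SCOPES[s] for s in grant["scopes"] if s in HIGH_RISK_SCOPES})
    if access:
        reasons.append("mail/contacts access: " + ", ".join(access))
    severity = ("ok", "review", "revoke")[len(reasons)]
    return {"severity": severity, "reasons": reasons}

if __name__ == "__main__":
    for g in SAMPLE_GRANTS:
        print(g["user"], g["app_name"], audit_grant(g))
```

The first sample record mirrors the scam described above: an app calling itself “Google Docs”, published by an unknown client, asking for the whole mailbox.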
Fortunately, the scam was detected and dealt with quickly by Google within an hour. A company statement assured users of the following:
  • Offending accounts had been disabled
  • Fake pages and applications had been removed
  • Updates were being pushed through Safe Browsing, Gmail, Google Cloud Platform, and other counter abuse systems
The scam ultimately affected around 0.1% of Gmail users, which equates to about one million users out of Gmail’s one billion active users.
Phishing scams of this scale are relatively rare, and therefore make headline news. However, phishing attacks are all too common and it’s worth taking preventative measures to ensure that your account isn’t compromised.
How to Protect Yourself from a Phishing Scam
Phishing emails are typically designed to fool the victim into giving away their personal information, or installing malicious software. Luckily, there are a few easy ways to spot a phishing scam:
  1. Bad spelling and grammar are often seen in phishing emails, and a legitimate company with hired copyeditors would never release such an email. Big brands care about their reputations; cyber criminals don’t.
  2. Never click an unknown link. If the email encourages you to click on a link to ‘fix’ a problem or to ‘claim’ a prize, hover your mouse over the link and look at the address. If the link looks unusual, a way to test the legitimacy of the link would be to manually type it into the address bar in a new window—if the URL takes you to a different address from the one you’ve typed, it’s fake.
  3. Analyse how the sender addresses you. Legitimate companies like to be as personable as possible and often will address you by your name, not by vague titles like ‘Valued Customer’.
  4. If the language is threatening or urgent, and claims that your account has been suspended, has had unauthorised login attempts, or will be closed if you don’t act, it’s most likely a scam. Scammers often try to inject a sense of urgency to make you act before thinking.
  5. Always scrutinise email attachments. While you might be expecting a file from someone, make sure to check the attachment for anything suspicious. It’s very easy to download malware that damages files on your computer, steals your passwords or spies on you without your knowledge.
  6. Make sure to check the address bar. Even if you’re sure the sender is legitimate, make sure to check the address bar if you click on a link. While a scammer can create a convincing login page to trick you into giving away your password, a quick glance at the address bar should tell you if the website you’re on is genuine.
  7. Double check, if you can. While you may be able to recognise a phishing scam at home, recognising one at work is just as important. Scammers can easily pose as a highly ranked member of an organisation and send fake emails to employees asking for personal information. This kind of personal information can easily be used for fraud, so try to check if the email is genuine by contacting the sender themselves if possible.
  8. Don’t trust email headers. An email header can be forged with a brand name, and scammers can easily make a fake ‘From’ address similar to a real company.
  9. If the message asks for personal information, never give it up. No matter how official or genuine an email may look, companies would never ask for personal information via email. Asking for account numbers, passwords, or the answer to a security question would never happen with a trustworthy company.
  10. A lack of information about a sender can be a tell-tale sign of a fraudulent sender. Companies are keen to hear from their customers and always leave contact details.
This list is by no means exhaustive—phishing scams have become increasingly convincing, and scammers are always evolving new ways to hit unsuspecting users. Email phishing is the number one delivery vehicle for malware, and in 2015, 85% of organisations were victims of phishing attacks and 30% of phishing emails were opened! Having the intuition to spot scams is an excellent way to protect yourself and others from losing personal information and other sensitive data.
But regardless of how vigilant you might be when inspecting your emails, mistakes do happen and the most convincing scams often fool even the savviest of tech users. Our next post will cover the next steps should your system fall prey to a phishing scam, with tips on how to locate the affected account, and investigate what data has been accessed.