Hackers are sending impressive phishing emails (nothing new, lately) that are fooling Gmail users and are able to steal your credentials in real time.
It turns out that the hackers are generating an email to mimic one from Gmail. The email is asking/telling users that they need to re-sign into their accounts. The email provides a link to do so.
The kicker is it is a legit sign-in page! However, when you click that link, you are no longer using your computer to sign in. You are now using a hacker’s “computer” and they are able to capture your credentials. They now have full access to your account!
What to look for:
Well, AI is getting better and better. However, there are still some nuances that you can look for. Such as:
“This email hopes to find you well” rather than “I hope this email finds you well.”
Have you ever received an email from the security team from Gmail before? Or from any other user that is asking you to sign in to an account, not just Gmail.
The fact that there is an urgency to the email. “You must sign in now, or you will lose access to your account”
What you can do BEFOREHAND:
- Make sure you are using complex passwords (sound familiar?) and make sure you do not use them across multiple sites.
- Change them about as often as you change your toothbrush. Get a Password manager to help you with this. That way you are not making “lazy” passwords.
- If you are visiting a web page that has a Gmail sign in, make sure that the URL does not have strange characters in it, that is a HUGE red flag.
What to do AFTER if you have fallen for this scam:
- Go into your Gmail account (not through the same email) and change your password right away.
- Make sure you remote this, not only to Google but to the authorities.
If you need help with this, please feel free to reach out. We are happy to help.
As always, please feel free to reach out to us if you have any questions or concerns.
Stay Safe Out There!