Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Subsidiaries
  • Contact
    • Newsletter
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Subsidiaries
  • Contact
    • Newsletter
  • Blog

Cybersecurity Blog

Thought leadership. threat analysis, news and alerts.

Gmail Phishing Attack That Can Trick Even Most Savvy Users

1/23/2017

0 Comments

 

A Sophisticated Phishing Attack

Gmail logo
As reported by several cyber security researchers, and the mainstream media, cyber criminals unleashed a new, sophisticated phishing campaign targeting both individuals and corporate Gmail users. In fact, it’s so sophisticated, that even savvy users are being tricked by it.

An email arrives with a link, and when clicked, it asks for your Gmail user credentials. The trick is that the page looks exactly like the original Gmail sign on page. When you enter your user ID and password, the attackers automatically log into your Gmail account. When they are in, they immediately begin gathering additional information to support further attacks. Appears that they are looking for the attachments you’ve previously shared with others, and gather email addresses from your contacts.
The contacts they gather, inevitably become new targets. Now rogue emails are coming from someone the victim knows.

It's very hard to notice foul play since the URl in the email is disguised very well. In most cases, victims won't even look at the address bar at the top to validate the website's authenticity.

How to protect yourself against phishing attacks?

Fortunately, you can protect your account almost instantly by enabling 2-step verification for your Gmail account. Even if you don’t use Gmail, and use another Cloud email service, we recommend that you enable a 2-step verification without delay.

When 2-step verification is enabled, unless cybercriminals have direct access to your smartphone, it would be nearly impossible for them to use your password, even if you have fallen victim to a phishing attack.

Instructions on enabling 2-step verification for Gmail (personal use):
https://support.google.com/accounts/answer/185839?hl=en

Instructions on enabling 2-step verification for Gmail (corporate accounts). Note that for corporate accounts, you need to share these instructions with your IT department, and Gmail administrator will be able to add the extra security centrally:
https://support.google.com/a/answer/184711?hl=en

Have questions? Please contact us and we will be more than happy to assist.

Stay safe!
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    ATP
    Awareness Training
    Botnet
    Bots
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    Social Engineering
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security

    RSS Feed

1.888.900.DRIZ (3749)

Managed Services
Web Application Security
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
About us
Testimonials
​Meet the Team
​Subsidiaries
​
Contact us
​
Blog
Resources & Tools
​Incident Management Playbook
Privacy Policy | CASL
Copyright © 2021 Driz Group Inc. All Rights Reserved.
Photo used under Creative Commons from GotCredit