Remember when we talked about how those sneaky phishing attacks are becoming more common? Well, this time, it looks like Google users might be the target.
We haven’t seen this one before. While this email uses the Google logo and initially feels legitimate, it’s not. This is another example of looking at every email very closely before you click on anything.
Let me break down what this particular phishing attack is all about and share some tips on how you can steer clear of it.
What does this latest phishing attack do?
I recently encountered a concerning security-related phishing attack that appears to be impersonating Google. The fraudulent email claims that the recipient’s device is infected with a virus and urges them to take immediate action. It cunningly tricks recipients into clicking on a malicious link, which supposedly leads to a solution for removing the virus from their machine. However, this link is deceptive and poses serious risks to the recipient’s online security.
You’ll notice in the screenshot below that the senders of this message are not from Google at all, which is indicated by their email addresses <firstname.lastname@example.org>.
“We urge people to proceed with caution when reading emails from someone claiming to be an authoritative resource. Unfortunately, unscrupulous people sometimes try to use the Google brand to scam and defraud others. In Gmail, our sophisticated protections will block more than 99.9% of spam, phishing, and malware, but whichever email service you use, we encourage users to follow these three best practices to help avoid becoming a victim of a scam:
Slow it down. Scams are often designed to create a sense of urgency. Take time to ask questions and think it through.
Spot check. Do your research to double-check the details you are getting. Does what they’re telling you make sense?
Stop! Don’t send. No reputable person or agency will ever demand payment or your personal information on the spot.”
How else can I further protect myself from phishing scams?
The statement from Google gives some great advice, and I think it can apply to all phishing scams, whether the attacker is claiming to be from Google or not. I have a few of my own suggestions that I want you to keep in mind to further protect yourself from phishing scams:
#1 tip: Use antivirus software: This is perhaps one of the best investments you can make to protect yourself from phishing scams. Having antivirus software running on your devices will make sure you are stopped from clicking on any malicious links or from downloading any files that would release malware onto your device and potentially lead to your private information being stolen.
Verify the sender’s email address: Check the sender’s email address carefully, as scammers often use slight variations or impersonate legitimate sources. If the email address looks suspicious or unfamiliar, do not click on any links or provide personal information.
Avoid clicking on links directly: Instead of clicking on links in emails, hover your mouse over them to see the actual URL. If the link doesn’t match the supposed source or seems unusual, refrain from clicking on it.
Be cautious with email attachments: Do not open attachments from unknown or unexpected sources, as they could contain malicious software. If you weren’t expecting the attachment or don’t know the sender, verify its legitimacy before opening it.
Enable two-factor authentication (2FA): Whenever possible, enable 2FA for your online accounts. This adds an extra layer of security by requiring a second form of verification, such as a unique code sent to your phone, in addition to your password.
Be cautious with personal information: Be wary of sharing sensitive information online, especially if it’s unsolicited or seems suspicious. Legitimate organizations rarely ask for personal details via email.
Report suspicious emails: If you receive a suspicious email claiming to be from a specific organization, report it to that organization’s official support or security team so they can take appropriate action.
Educate yourself and others: Stay informed about the latest phishing tactics and share this knowledge with friends, family, and colleagues. Awareness is a powerful tool in preventing scams.
Keep software up to date: Regularly update your operating system, web browsers, and antivirus software to ensure they are equipped to detect and prevent the latest threats. You can check for operating system updates in your device’s Settings app, and you can go to the App Store or Google Play Store (depending on the device you have) to check for updates to individual apps.
To check for software updates on your iPhone:
- Open the Settings app, tap on General, then tap on Software Update
To check for app updates on your iPhone:
- Open the App Store, tap on your profile picture, and scroll down to see if there are any available updates
Settings may vary depending on your Android phone’s manufacturer.
To check for software updates on your Android device:
- Open the Settings app, tap on System, then tap on Advanced and System update, or on some devices just scroll down and tap on Software update. If there is a software update, just tap download and install.
To check for app updates on your Android device:
- Open the Google Play Store, tap on the three horizontal lines, then tap on Manage apps & Device to see if there are any available updates
Kurt’s key takeaways
Whenever you receive an email, use your best judgment before clicking links or opening attachments, especially if it’s from someone you don’t recognize.
Google will continue to try to protect Gmail users from these kinds of phishing attacks. Their data on this particular abuse campaign shows them blocking 99%+ of these emails.
If you do happen to see a similar email reach your inbox, please report the email as abuse (instructions here) to help their tools get even better at protecting users from these campaigns.
What more do you think should be done to protect people from these malicious phishing attacks? Let us know by commenting below.