Pages

Friday, May 16, 2014

DON'T TRUST THIS EMAIL FROM GOOGLE

From KIMKOMANDO,

komando-special-alerts@lyris.komando.com

we received this email concerning hacking attacks in the form of an email from GOOGLE:

There's a dangerous new threat that's trying to steal your Google password. If you fall for it, hackers will have full access to your Gmail account, YouTube account, Google+ account, Google Search History and any other Google services you use. From there, they can break try to break into other similar accounts, like Facebook, or pretend to be you to trick your friends and family into giving away important information. So, you definitely don't want to fall for this one.

The Threat

The threat arrives in the form of an email, supposedly from Google. The subject line varies, but it's some form of "Mail Notice" or "Lookout Notice." The body of the email says this:  GOOGLE MAIL NOTICE This is a reminder that your email account will be locked out in 24hours Due to not being able to increase your Email storage Quota Go to the INSTANT INCREASE to increase your Email storage automatically. INSTANT INCREASESincerely Gmail Team, Copyright ©2014 Gmail. All rights reserved.  In the real email, the words "Instant increase" are linked. If you click the link, you'll end up on a page that looks like the Google login page.
However, if you put in your username and password, they'll be sent right to the hackers behind the email. Then they have full access to your Google account. One thing that makes this message especially dangerous is the link itself. It's designed to bypass Chrome and Firefox's normal checks for phishing links, so you won't get a warning.

How you know the email is fake

As I demonstrated when I pointed out 5 things wrong with this email from Amazon, there are a few giveaways that this email isn't real. Spelling isn't really an issue this time around, but the grammar isn't up to the standards of the one of the most profitable companies in history. There's no Google logo and the From address says "Gmail," but isn't a Google domain name (i.e. there's no "google.com" in it). Finally, as always, Google will never ask you to click in a link in an email. It will tell you to go to Google.com to sign in and where to go to fix your account settings. This is true of any major company.

What to do if you get this email

Obviously, don't click on the link. Instead, just delete the email and continue on with your day. Opening the email won't hurt anything, so don't panic.

If you got this email and fell for it, then you need to immediately change your Google account password. You should also change the passwords of any other accounts that used the same password. Click here to learn how to create strong and unique passwords. In the future, any unsolicited email you receive that has a suspicious link or attachment, you can just delete. If you aren't sure whether or not it's real, go to the company's website to get its contact information. Then call the company, or individual, to confirm if the email is legitimate. Don't use contact information in the email itself.

Thanks KIMKOMANDO for the always good advice you provide.

George Freire