There's a new Gmail phishing attack going around, and it's fooling everyone
Tech professionals don't generally fall for phishing attacks: They know what to look for and when to be suspicious. One new attack, however, is even fooling the experienced.
Above quote and details from here.
Watch out for this sneaky Gmail phishing attack
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Watch out for this sneaky Gmail phishing attack
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
-
- Administrator
- Posts: 78686
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
-
- Administrator
- Posts: 12639
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Watch out for this sneaky Gmail phishing attack
While you're watching out, there's a cute Amazon phishing attack out there too...
Amazon customers targeted in phishing scam
SC Magazine wrote: The con starts when the victim attempts to check out. A message appears stating the product is no longer available, but then the vendor will email the target saying the item is available and can be purchased by clicking on an imitation Amazon link included in the email. The link leads to a fake, but quite real looking, Amazon payment screen where all of the victim's Amazon login, payment and personal information is asked for.
StuartR
-
- 5StarLounger
- Posts: 1021
- Joined: 23 Jan 2011, 01:52
- Location: Witness Protection Program.
Re: Watch out for this sneaky Gmail phishing attack
Windows 11 Home 22H2
Regards,
George.
-
- Administrator
- Posts: 78686
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
-
- Administrator
- Posts: 12639
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Watch out for this sneaky Gmail phishing attack
The easiest way to protect yourself against many of these attacks is to use 2-factor authentication on every site where you can.
StuartR
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: Watch out for this sneaky Gmail phishing attack
TX Stuart.
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
-
- SilverLounger
- Posts: 2070
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Watch out for this sneaky Gmail phishing attack
Thanks for info Rudi.
... and here's me thinking Gmail is pretty safe compared with Yahoo and suggesting to my daughter to change providers. This attack you describe is very smart.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- Administrator
- Posts: 78686
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Watch out for this sneaky Gmail phishing attack
Gmail offers two-factor authentication. If you use that, and if someone manages to steal your username/password, they would also have to steal your mobile phone and unlock it, otherwise they won't be able to log in...
Best wishes,
Hans
-
- SilverLounger
- Posts: 2070
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Watch out for this sneaky Gmail phishing attack
You persuaded me Hans so I have set it up. Windows & Android devices all function and as I understand it, will continue to not need the extra code.
I avoided this feature previously thinking I would need the code every time I signed in on my devices. It pays to read the instructions
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- PlutoniumLounger
- Posts: 15672
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Watch out for this sneaky Gmail phishing attack
Rudi wrote: There's a new Gmail phishing attack going around, and it's fooling everyone
Today's National Post ran an article that says despite the Bank of Canada's defences working, some bank computers are still vulnerable.
This after employee training!
Thanks to the bank’s cybersecurity defences, the vast majority of those emails were filtered out before they reached their intended targets. For the 33 users who did open the emails and attachments, a second layer of the bank’s cybersecurity system kicked in, preventing the malware from transmitting any information to the hackers.
The bank’s employees, however, were not as reliable. Five of the 33 duped users opened the email and attachment even after the bank sent out a notification specifically warning them not to.
He who plants a seed, plants life.
-
- 5StarLounger
- Posts: 1021
- Joined: 23 Jan 2011, 01:52
- Location: Witness Protection Program.
Re: Watch out for this sneaky Gmail phishing attack
That will teach them for not being an Eileen's Lounge Member.
Windows 11 Home 22H2
Regards,
George.
-
- Microsoft MVP
- Posts: 1320
- Joined: 24 May 2013, 15:33
- Location: Warminster, PA
Re: Watch out for this sneaky Gmail phishing attack
ChrisGreaves wrote: Five of the 33 duped users opened the email and attachment even after the bank sent out a notification specifically warning them not to.
That will go on their permanent record! "Too stupid to live."
-
- PlutoniumLounger
- Posts: 15672
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Watch out for this sneaky Gmail phishing attack
Roderunner wrote: That will teach them for not being an Eileen's Lounge Member.
but, but ...
They are, apparently, unteachable!
Cheers
Chris
He who plants a seed, plants life.
-
- UraniumLounger
- Posts: 9300
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Watch out for this sneaky Gmail phishing attack
Could someone please help me overcome my ignorance about 2-factor authentication? I've searched and read several articles, but I'm still a bit perplexed. It seems to me that the concept requires divulging information that is not secure, in some cases, as the second factor. For example, the use of the personal mobile phone number as a second factor fails because it is information readily attainable from Internet or other sources and it is exclusively linked to my identity. How can using a personal identity value revealing one's identity be an improvement?
Puzzled in the Great American Midwest.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5)
-
- Administrator
- Posts: 78686
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Watch out for this sneaky Gmail phishing attack
Hackers would need not only to know your cell phone number, but to have your cell phone in their possession!
Let's take Gmail as an example. When you set up 2-step verification, as Google calls it, you give Google your cell phone number; they send you a text message with a number code that you have to enter on the web page, to prove that you are the user of the cell phone.
From then on, each time you log in to Gmail, Google will send you a text message with another number code after you have entered your username and password, and you have to enter this code on the logon page. As a result, even if someone manages to retrieve your username and password, they won't be able to use them to log in to your Gmail unless they also steal and unlock your cell phone.
(To avoid having to receive a number code on your own computer, tablet or phone each time, you can tick a check box, similar to the check box "Remember me" here in Eileen's Lounge)
Best wishes,
Hans
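The 2-step flow described in the post above (password first, then a texted one-time code, with an optional remembered device), sketched from the server's side as an added example that is not part of the original thread and is not Google's code. The class and function names, the 5-minute lifetime, the 3-attempt limit and the `send` callback standing in for an SMS gateway are all assumptions.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300       # assumed: seconds a texted code stays valid
MAX_ATTEMPTS = 3     # assumed: wrong guesses allowed per code
SERVER_KEY = secrets.token_bytes(32)  # signs "remember this device" tokens

def _digest(code):
    return hashlib.sha256(code.encode()).digest()

class TwoStepVerifier:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}  # user -> [code digest, expiry time, attempts left]

    def issue_code(self, user):
        """Create a fresh 6-digit code; any earlier code for the user is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = [_digest(code), self.clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify_code(self, user, code):
        entry = self.pending.get(user)
        if entry is None:
            return False
        if self.clock() > entry[1]:                  # expired
            del self.pending[user]
            return False
        if hmac.compare_digest(entry[0], _digest(code)):
            del self.pending[user]                   # single use: no replay
            return True
        entry[2] -= 1                                # count the wrong guess
        if entry[2] <= 0:
            del self.pending[user]                   # too many guesses: code is void
        return False

def trusted_device_token(user, device_id):
    """Simplified "remember me" token: HMAC over user and device, no expiry."""
    msg = f"{user}|{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def login(verifier, user, password_ok, device_id, token=None, code=None, send=print):
    if not password_ok:                              # first factor always required
        return "denied"
    if token and hmac.compare_digest(token, trusted_device_token(user, device_id)):
        return "ok"                                  # remembered device: no code needed
    if code is None:
        send(user, verifier.issue_code(user))        # hypothetical SMS gateway call
        return "code_sent"
    return "ok" if verifier.verify_code(user, code) else "denied"
```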
-
- Administrator
- Posts: 12639
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Watch out for this sneaky Gmail phishing attack
The idea behind 2-factor authentication is that you use two completely different things to prove who you are. The options are usually described as
- Something you know (for example a password)
- Something you have (for example a mobile phone or a smartcard)
- Something you are (for example a fingerprint or your voice)
The most common two factors are a password and a mobile phone, but this is no longer considered sufficient by most authorities, because the protocols used by mobile phones are too easy to hack. Someone may be able to access the second factor even though they don't have your phone. This is why the US NIST has said that a phone should be avoided as the second factor (https://pages.nist.gov/800-63-3/sp800-63b.html)
NIST wrote: Note: Out-of-band authentication using the PSTN (SMS or voice) is discouraged and is being considered for removal in future editions of this guideline.
I use my mobile phone as a second factor for most accounts, because it is all that is available in many cases, and it is MUCH better than just using a password.
StuartR
-
- PlutoniumLounger
- Posts: 15672
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Watch out for this sneaky Gmail phishing attack
BobH wrote: Could someone please help me overcome my ignorance about 2-factor authentication?
Thanks, BobH et al. For helping me overcome some (more) of MY ignorance.
He who plants a seed, plants life.
-
- UraniumLounger
- Posts: 9300
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Watch out for this sneaky Gmail phishing attack
Thanks for the education.
I agree that the use of a mobile phone as 'something you have' when used with authentication is too prone to hacking to be used reasonably. I read the wiki on 2-factor authentication and could come up with nothing in my sphere that would be satisfactory for the second factor. I wonder if retinal scanning (or is it iris scanning) will ever advance to the level of utility in this regard? Of course, photographs have become clear enough at magnification that even your retina/iris can be co-opted by someone else.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5)
-
- Administrator
- Posts: 78686
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Watch out for this sneaky Gmail phishing attack
While using a mobile phone for two-factor authentication is not 100% safe, it is many, many times safer than NOT using two-factor authentication at all!
Best wishes,
Hans