WebProNews

Tag: Phishing Scam

  • Gmail’s ‘Confidential Mode’ May Expose Users to Phishing Scams, Raises Red Flags at DHS

    A new Google Mail feature has caused the Department of Homeland Security (DHS) to raise concerns about users’ privacy and security. According to reports, Gmail’s new “Confidential Mode” can be used to instigate scams like phishing.

    In April, Google revamped Gmail’s look. Along with a sleek, new user interface, the company also introduced several new features, including auto-generated smart replies, the capacity to put a message on snooze and the Confidential Mode.

    However, the new Confidential Mode reportedly raised some red flags at the DHS, prompting it to issue an alert regarding the “potential emerging threat…for nefarious activity” the new feature could introduce.

    Gmail’s Confidential Mode apparently allows the user to control how their emails can be viewed and shared. For instance, the recipient of the email won’t be able to print or forward it. Users can also set an “expiration date” so that their email will self-destruct or automatically delete itself from the recipient’s inbox. There are also other layers of protection that can be utilized, like a text message code.

    While the features provided for a Confidential email seem fool-proof, they can actually open up a can of security worms. This is because non-Gmail users who receive a Confidential email will be asked to click on a link to access it. Scammers can take advantage of this process to create and send out fake confidential emails. Once the non-Gmail users click on the link, they can be tricked into giving out their private information. This is known as phishing.

    A DHS spokesperson confirmed that they have already reached out to Google “to inform them of intelligence relevant to their services and to partner to improve our mutual interests in cybersecurity.”

    Meanwhile, Brooks Hocog, a spokesman for Google, reassured users about the company’s commitment to protecting its users’ security. Downplaying the issue, he stated that Google has already developed “machine learning” algorithms that can detect phishing scams.

  • Google Chrome Improves Protection Against Phishing Attacks

    Google has fittingly chosen October, dubbed Cybersecurity Awareness Month, to make several security-related announcements. The search giant announced that it will introduce a host of security enhancements to Chrome and Gmail for more secure online browsing.

    For instance, Google has improved Chrome’s Safe Browsing technology to prevent unsuspecting users from unwittingly giving away their personal credentials, an attack known as phishing. Chrome browsers will now enjoy an added layer of protection as Google deployed what it calls “predictive phishing protection.”

    With predictive phishing protection in place, users will be warned that the website they are trying to access could be problematic. According to Google, the technology can detect that a site is used for phishing even if it was only recently opened and has not existed long enough to be tagged as a phishing site, because the analysis of potential risks is done in real time.

    At the moment though, the predictive phishing protection only covers Google account passwords. However, it is possible that its reach may expand in the future to include all passwords and login credentials saved in Chrome’s password manager.

    In addition, Google has recently added some antivirus functions to Chrome for Windows, according to The Verge. The browser has a new option to detect possible tampering with its settings caused by rogue extensions. The browser’s built-in cleanup tool has also been improved to allow users to remove harmful software at the press of a button. While the cleanup tool is now touted to be more powerful thanks to Google’s partnership with IT security company ESET, the search giant warns that the revamped tool should not be considered a total replacement for regular antivirus software since it only guards against violations of Google’s Unwanted Software Policy.

    Meanwhile, Gmail users who suspect they may be targeted online may now opt to use the recently rolled out Advanced Protection Program. Gmail accounts enrolled in it will have another layer of authentication to prove to the system that anyone trying to access the mail is the legitimate owner. This is achieved with a USB Secure Key for PC access, while email access on mobile devices is authenticated via a Bluetooth Security Key, which can be bought for $20.

  • LinkedIn Password Leak Brings Email Spam

    With more than 6.4 million LinkedIn passwords leaked onto a hash-cracking forum this week, it is no wonder that spammers will have a field day with the confusion it brought. Cameron Camp, a security researcher for the ESET cybersecurity software company, announced that ESET had been notified by “several” people that they had received spam emails purporting to be from LinkedIn. The emails asked users to confirm their email address with LinkedIn, and provided a link to do so. Camp reports that the link actually sent users to an online pharmacy. This spam email resembles others such as the Google+ spam email that was identified earlier this year.

    LinkedIn yesterday responded to the password leak within a few hours, announcing on its blog that affected accounts had been disabled and that members would be receiving instructions on how to reset their password. One point Vicente Silveira, director at LinkedIn, made clear in his blog post announcing the company’s response was that the emails sent out would not contain any links to reset passwords. From the post:

    …members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.

    This mirrors password advice Silveira gave in an earlier blog post yesterday where he stated that users should never change their password by following a link in an email they did not request. As Camp pointed out, these types of email spam are common, and these particular emails might not be related to the recent password leak. Still, users should be careful of these types of spam and other, more malicious phishing attacks which redirect users to websites spoofed to look exactly the same as the login page for a website they use.

  • Twitter DID NOT Release An App That Tracks Your “Stalkers”

    If you start seeing a message in your Twitter feed claiming that Twitter has released an app that tracks your stalkers, don’t believe it. It’s nothing more than a phishing scam, albeit a convincing one.

    The message reads “Twitter finally released an app that tracks your “Stalkers” get it here [LINK]”.

    (Please note, I’ve removed the link from the above Tweet in an effort to keep this scam from spreading around Twitter.)

    If you click on the link in the tweet, you’re greeted with an official-looking Twitter authorization page, but looks are deceiving. The page asks you to confirm your username and password before you can “Find out who is stalking your Twitter”.

    Take a closer look at the address bar. Sure, the page looks legit, but the URL quickly gives it away. The page isn’t hosted at Twitter, and features “XXX” in the link (always a dead giveaway).

    Graham Cluley, of Sophos, gives us some good information and tips pertaining to this phishing scam:

    If you make the mistake of entering your username and password then you will be handing over the keys to your account to phishers, who would then be able to use your account to read your private messages, send messages (perhaps spam-related or containing malicious links) to your followers.

    Worst of all, if you’re one of those people who uses the same password as you use elsewhere on the internet – you’ve now told the cybercriminals how to access, say, your Gmail, Hotmail or PayPal accounts as well.

    If you found your Twitter account was one of those sending out the phishing messages, or if you made the mistake of entering your username and password, then you must change your password as soon as possible.

    Hopefully Twitter will get involved and start auto-removing these posts before this spreads any further.