Blog

3 ways to protect your employees from phishing attacks

AlphaBiz Solutions
4 September, 2017

Even tech-savvy Gmail users are falling victim to hackers who steal their login credentials, according to a security expert, who notes that increasingly sophisticated phishing techniques are being employed.

How does it work?

The hacker will first send you an email, which includes an attachment, according to Mark Maunder, the CEO of WordPress security plugin Wordfence. When you click on the attachment to preview it, a new tab opens to what looks like a Gmail login page.

However, it isn’t genuine.  

But why would I open the email from a random person in the first place?

The hackers have designed the email to look like it comes from one of your contacts, someone who is likely to have already been hacked by them. The email will contain a subject line and the attachment from the contact may look familiar – they may use a subject line that your contact has used before – and rename the attachment to something plausible. Once the hackers gain access to your emails, they will look for future targets they can send the phishing emails to.

Won’t I know something fishy is going on when I’m asked to log in again?

Not necessarily, because the hackers have been very clever when creating the phishing technique. When you open the attachment and a new tab pops open, the URL will look something like:

data:text/html,https://accounts.google.com/ServiceLogin?

That’s not a far cry from what it is meant to look like on the legitimate Gmail login page:

https://accounts.google.com/ServiceLogin?

And the login box, where you enter your email and password, looks like the real one.

How long has this phishing technique been going on for?

It’s been gaining popularity over the last year. Surely if you’re tech savvy, you’re safe? Sadly not. Even “experienced technical users” have become victim to the hacks, says Mr. Maunder. As for myself I too have had encounters with such attacks, saved only by my gut feeling, these techniques are mimic real digital life and take advantage of our complacency, you will be surprised how sometimes when something doesn’t quite feel right, it isn’t.

So how do I stay safe?

There are some checks you can do before typing in your login details: First, check the URL to see if it begins with: “data:text”. Second, if you widen out the bar, you will see there is a lot of blank space which may not be visible at first. Check to see if the URL has been verified, depending on your internet browser, the https:// might be in green, and there may be a padlock symbol before it.

You can also enable a two-factor authentication for logging in to your Gmail. So on top of the username and password, there would be an extra layer of security that will require an extra piece of information. This is usually a text message sent to your mobile phone with a code that needs to be entered after your password to continue.

What if my account has already been hacked?

First of all, if you can change your password straight away. Due to Google’s ‘interest’ in security, you can check your login history to find logins from unknown sources. Mr. Maunder also recommends using a security researcher who can check if your email has been part of data leaks, but adds: “There is no sure way to check if your account has been compromised.”

Google has made a statement regarding this on-going problem.

Google’s statement:

“We advise people to be careful anytime you receive a message from a site asking for personal information. If you get this type of message, don’t provide the information requested without confirming that the site is legitimate. If possible, open the site in another window instead of clicking the link in your email. You can report suspicious messages directly to us. Google will never send unsolicited messages asking for your password or other personal information.”