Photo: Sean Anthony Eddy / E+ / Getty Images
Click Here To Listen Live https://www.iheart.com/live/news-radio-wtam-1100-17
Agent Derek Meister from the Geek Squad spoke to Bill about Don't Fall for This New Gmail Phishing Scheme and How to identify and avoid phishing email scams
https://lifehacker.com/tech/dont-fall-for-this-new-gmail-phishing-scheme
If you receive an email from Google that appears to be a legitimate security alert, be aware that scammers are taking advantage of vulnerabilities in Google's authentication protocols to send phishing messages that appear convincing enough to steal unsuspecting users' account credentials. Here's how to protect yourself.
A developer named Nick Johnson was recently targeted by a phishing email with the subject line "Security alert." The message was sent from no-reply[at]accounts.google.com and signed by accounts.google.com, making it seem like a legitimate email directly from Google. However, the message led to a fake Google support page hosted at sites.google.com, which directed visitors to "upload additional documents" or "view case." This ultimately led to a fake sign-in page that asked for account credentials, where scammers would then collect the target's Google login credentials.
How to identify and avoid phishing email scams
Phishing emails can be more difficult to catch when they originate from a real or recognizable email address—at least on the surface—as fake addresses with misspellings are the first giveaway of a scam. Generally speaking, you should think twice before engaging with any message that has a tone of urgency or evokes an emotional response even if it looks real.
If you get an email like this from a company you know and whose services you use and the message appears legit, don't click any links or download any attachments. Go directly to the company's website by typing in the URL, and check official social media accounts or customer service channels for any alerts related to the message you received—especially if the email has to do with account security or recovery or your personal information.