What is phishing?
An attack in which criminals pose as a trusted person to steal sensitive information, or plant malicious software on a computer. They may impersonate a friend or relative, a bank or a trusted organisation such as the police.
The latest attacks on Gmail users are carefully personalised, putting them in the category of more sophisticated and targeted “spear-phishing”.
How can I protect myself?
You should treat all emails containing attachments or links with extreme caution, clicking on them only when you are certain the message is genuine. If in doubt, contact the supposed sender to check.
Gmail users should also turn on two-factor authentication if they are not already using it. This requires users to enter a code sent to their phone, as well as their password, to access their account. It can prevent hackers from accessing emails even if they have stolen the password.
Anything else?
You should keep an eye on the URLs of any links you do open. In the latest Gmail scam, the dummy log-in screen does have “accounts.google.com” in the address, but it is preceded by “data:text/html”. On a genuine Gmail screen, there should be nothing before the host name other than “https://”.
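The address-bar check described above, written out as an added example that is not part of the original article. It parses the address instead of searching it for familiar text, and goes slightly further than the article by also rejecting lookalike hosts. The function name and the sample addresses are constructed for illustration.

```javascript
// Added example: decide whether an address really is the Google sign-in page.
// EXPECTED_HOST comes from the article; everything else here is constructed.
const EXPECTED_HOST = "accounts.google.com";

function checkLoginUrl(address) {
  let url;
  try {
    url = new URL(address.trim());
  } catch (err) {
    return { genuine: false, reason: "not a parseable URL" };
  }
  // In the scam the address starts with "data:text/html": the page is embedded
  // in the address itself, so "accounts.google.com" is only text, not a host.
  if (url.protocol !== "https:") {
    return { genuine: false, reason: `scheme is ${url.protocol} not https:` };
  }
  // Anything before an "@" is a username, not the site being visited.
  if (url.username || url.password) {
    return { genuine: false, reason: "address contains text before '@'" };
  }
  // Exact match only: "accounts.google.com.login.example" is a different site.
  if (url.hostname !== EXPECTED_HOST) {
    return { genuine: false, reason: `host is ${url.hostname}` };
  }
  return { genuine: true, reason: "https and exact host match" };
}

// Constructed sample addresses (login.example is a placeholder domain).
const samples = [
  "https://accounts.google.com/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
  "https://accounts.google.com@login.example/ServiceLogin",
];

for (const address of samples) {
  const result = checkLoginUrl(address);
  console.log(`${result.genuine ? "OK    " : "REJECT"} ${address} (${result.reason})`);
}
```

Only the first sample passes. The other four all contain the text “accounts.google.com”, which is why a plain text search of the address is not a reliable check.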
Can I check whether I’ve been hacked?
You can check your login activity by clicking on the “details” tab at the bottom of your inbox. If there’s activity you don’t recognise, that’s one giveaway. You could also check your sent messages for emails you didn’t send, but the hackers may have deleted these. If in doubt, you should change your password.