Wednesday, January 18, 2017

Watch out for the new Gmail scam – DinSide

Crooks never seem to give up, and web users still have to keep their wits about them when moving around the web.

A post on Hacker News now reports a rather cunning fraud method in which people's Google accounts are the main target.

For many people the Google account is the most important one to protect, particularly if they use Gmail as their e-mail service. Someone with access to your e-mail can get into most of your other services as well, since most of them let you reset your password via an e-mail.

This is how you get tricked

The scam starts with an e-mail from one of your contacts that appears to be genuine (that person has already fallen for the same scam).

The e-mail is based on a previous e-mail that person really did send you with an attachment, but the attachment has been replaced with an image file that looks like the attachment:

When you click the "attachment" to preview it, you get a fake Gmail login page instead.

It looks just like the real one, but if you look carefully at the address bar you will see that something is wrong:

FAKE: Here the address bar starts with data:text/html, and this is not Google's legitimate login page. Screenshot: Wordfence.com

Even though the expected accounts.google.com part does appear further along, the address bar actually begins with data:text/html. After the text you can see in the address bar above comes a very long run of whitespace, and after that comes the actual code that generates the content of the page. In other words, nothing is fetched from Google at all; the browser renders a page that was embedded in the address itself.

If you enter your username and password there, you have just handed them to the criminals. They are quick to log in as you, find e-mails you have sent earlier, and continue the scam against your Gmail contacts.

The Hacker News post mentioned above, written by a system administrator at a school in the United States, says that three employees and a handful of students were hit in the course of a few hours.

Watch out!

So be on your guard against this, since the scam can spread like wildfire.

Remember that the legitimate page starts with https:// in the address bar, and that your browser will normally show a padlock or a similar indicator confirming that the connection can be trusted. The padlock only tells you that the connection to the domain shown is encrypted, so also check that the domain really is accounts.google.com:

SECURE: This is what it looks like when you open the legitimate login page in Chrome. Screenshot: Pål Joakim Pollen

Also bear in mind that Google is unlikely to ask you to sign in again to view an attachment when you are already logged into Gmail.
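The address-bar checks described above (the data:text/html start, the whitespace run that hides the real content, and the https:// plus accounts.google.com test) can be written down as a small inspection routine. The code below is an added example, not code from the article or from Wordfence; the two sample addresses are constructed, and the "hidden" content in the phishing sample is a harmless placeholder standing in for the scammers' real page code. The hostname LEGIT_LOGIN_HOST is an assumption for this example.

```javascript
// Added example: inspect an address-bar string the way the article tells
// readers to. Inputs are constructed; the phishing sample imitates the
// data:text/html trick (decoy text, a long run of spaces, then the real
// content), with a harmless placeholder as the content.

const LEGIT_LOGIN_HOST = "accounts.google.com"; // assumption for this example

const SAMPLE_LEGIT = "https://accounts.google.com/ServiceLogin?service=mail";
const SAMPLE_PHISH =
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail" +
  " ".repeat(200) +
  "<html><body>placeholder for the injected login form</body></html>";

function inspectAddress(address) {
  const schemeMatch = /^([a-z][a-z0-9+.-]*):/i.exec(address.trim());
  if (!schemeMatch) {
    return { verdict: "unparseable", reason: "no URL scheme at the start" };
  }
  const scheme = schemeMatch[1].toLowerCase();

  if (scheme === "data") {
    // Everything after "data:<mediatype>," is page content rendered by the
    // browser itself: no server, no certificate, no padlock.
    const comma = address.indexOf(",");
    let body = comma === -1 ? "" : address.slice(comma + 1);
    try { body = decodeURIComponent(body); } catch (e) { /* keep raw body */ }
    // The decoy is the part shown in the address bar before the whitespace
    // run that pushes the real content out of view.
    const m = /^(.*?)(\s{8,})([\s\S]*)$/.exec(body);
    const decoy = m ? m[1] : body;
    const hidden = m ? m[3] : "";
    return {
      verdict: "phishing",
      reason: "data: URI; the visible text is content, not a location",
      decoy,
      hiddenLength: hidden.length,
      hiddenPreview: hidden.slice(0, 40),
    };
  }

  let url;
  try {
    url = new URL(address);
  } catch (e) {
    return { verdict: "unparseable", reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "suspicious", reason: "scheme is " + url.protocol + ", not https:" };
  }
  if (url.hostname !== LEGIT_LOGIN_HOST) {
    // Exact match: look-alike hosts such as accounts.google.com.example.net fail here.
    return { verdict: "suspicious", reason: "host is " + url.hostname + ", not " + LEGIT_LOGIN_HOST };
  }
  return { verdict: "ok", reason: "https and the expected host", host: url.hostname };
}

console.log(inspectAddress(SAMPLE_LEGIT));
console.log(inspectAddress(SAMPLE_PHISH));
```

Run it with node; the phishing sample reports the decoy text the victim sees and the length of the content hidden behind the whitespace, while the legitimate address passes both the https and the exact-host check.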

Can you protect yourself?

To secure your Google account better, we generally recommend using Google's two-factor authentication as an extra layer of security. But since this is a so-called "man in the middle" attack, where the scammers pass what you type straight on to Google, they may still be able to log in as you, two-factor or not.

They can attempt the login at the same moment you do, and if Google asks them for a one-time code on their end, they simply ask you for it on the fake page.

You are better protected if you use hardware-based two-factor authentication such as a YubiKey, or if you use a password manager such as LastPass, 1Password or similar.

A password manager will not fill in the username and password automatically on the fake page, as it would on the legitimate login page, because the address does not match the site the credentials were saved for. A security key gives the same protection in its U2F mode, which is what Google uses: the key only answers for the site it was registered with, so a login relayed through the scammers' page fails. Any code you type by hand, whether from an app or a key, can still be relayed.
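The reason both a password manager and a security key stay quiet on the fake page is that they act on the page's origin, and a data: URL has an opaque origin (reported as the string "null" by the WHATWG URL API). The following is an added example that models this; it is not code from the article or from any password manager or key vendor. The vault entry, the challenge, the e-mail address and the attacker domain login.example.net are constructed, and the signature that a real U2F key would produce is left out, so this is a model of the origin check only.

```javascript
// Added example: a model of why origin-bound tools ignore the fake page.
// Vault, challenge, addresses and the attacker domain are constructed.

const VAULT = [
  { origin: "https://accounts.google.com", username: "alice@example.com" }, // constructed entry
];

function pageOrigin(address) {
  try {
    return new URL(address).origin; // "null" for data: URLs (opaque origin)
  } catch (e) {
    return "null";
  }
}

// Password manager: only entries saved for exactly this origin are offered.
// An opaque origin never matches anything, so a data: page gets no autofill.
function autofillCandidates(vault, address) {
  const origin = pageOrigin(address);
  if (origin === "null") return [];
  return vault.filter((entry) => entry.origin === origin);
}

// Security key (U2F-style, signature omitted): the key records the origin it
// was used on inside the client data it signs. A challenge the scammers relay
// from Google and present on their own page therefore carries the wrong
// origin, whether that page is a data: URL or a normal attacker-owned site.
function keyAssertion(challenge, address) {
  return { challenge, origin: pageOrigin(address) };
}

// Relying party (here: the real login site) checks both the challenge and
// the origin the key saw before accepting the assertion.
function relyingPartyAccepts(expectedOrigin, challenge, assertion) {
  return assertion.challenge === challenge && assertion.origin === expectedOrigin;
}

const CHALLENGE = "constructed-challenge-1234"; // constructed
const REAL_SITE = "https://accounts.google.com";

console.log(autofillCandidates(VAULT, "https://accounts.google.com/ServiceLogin"));
console.log(autofillCandidates(VAULT, "data:text/html,https://accounts.google.com/ServiceLogin"));
console.log(relyingPartyAccepts(REAL_SITE, CHALLENGE,
  keyAssertion(CHALLENGE, "https://accounts.google.com/ServiceLogin")));
console.log(relyingPartyAccepts(REAL_SITE, CHALLENGE,
  keyAssertion(CHALLENGE, "https://login.example.net/relay")));
```

The same relay that defeats a typed one-time code fails here because the origin is bound into what the key produces, not into anything the user reads off the screen.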

[via ITavisen]
