Gmail phishing attack spreads panic – Top tips on protecting yourself

The recent Gmail phishing scam that is alleged to be from Jinan, China, while it was relatively harmless according to Google, has given awareness to the online community to check their security status.

According to Google’s blog post on Wednesday, there was an attempt to lure Gmail users to deliver their password information to hands of hackers, which Google identified them as originated from Jinan, China. The targets, according to the blog post, were “senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”

Google assured that its online security was not compromised and this attack was not from a security failure on Google’s part. Rather, this is what is called a phishing scam, tricking the users to deliberately expose their sensitive information to the third party.

Phishing is different from hacking attacks in a sense that hacking will break and enter into one’s system and steal data while phishing deceives the user to voluntarily give out their information. Often, phishing will come in the form of email that resembles something like “update your account security – click the link below to reset your password”, which then will ask for your password or other important personal information such as the social security number.

The techniques on phishing have grown over the years to look very similar to an official letter, but cautious action can prevent you from being the victim of phishing scams.

Here are few lists to add safety to your online accounts:

Avoid sending sensitive information over email

If you receive an email that asks for your sensitive or confidential information, such as your password or financial information, disregard it. Most organizations and financial institutions do not ask for such sensitive information via email.

Avoid clicking URL links in disguise

Sometimes phishing scammers insert an URL link in the email, but it will redirect to a separate site when you click it.

You can find out the real destination of the link by rolling your mouse cursor over the link (but do NOT click it) and look at the bottom left corner of the web browser.

Look for an extra “s” in URL beginning – “http” vs. “https”

Before entering password, make sure the site is secure. If the URL begins with “https” (with an extra “s” at the end), it means the site is secure. Do not enter sensitive information – such as your password – on unsecure pages.

Note, however, that a “secure” site does not necessarily mean it is safe, since a phishing scammer may have their own secure page on that site.

Follow the security guidelines of the website

Most email, online banking, and other online services provide extra layers of security, such as verification code, strict password requirements, etc. Usually extra layers give more security.

Check your online records periodically and see whether something is wrong

Check whether there are suspicious activities in your bank statement. Check whether your email account setting was altered (such as automatically forwarding to an unknown email).

Get security software for your computer and update often

It is always a good idea to have security software, like anti-virus or anti-spyware, and make sure you update it frequently. Sometimes a malware (malicious software) may have infected your computer, which could potentially send information from your computer to hackers. The security software could also potentially prevent you from ever installing malware to your device.