Beware of ‘highly effective’ Gmail phishing scam

My recommendation is to not only change your password, but add 2-Step authentication. It’s what I do for my account.

Be careful what you click on, Gmail users.

An Internet security expert is warning users of the popular email service about a “highly effective” phishing scam that grants hackers access to personal information.

The newly discovered scam is said to be particularly deceptive because hackers have been using familiar Gmail pages to disguise its underlying attack.

“The way the attack works is that an attacker will send an email to your Gmail account,” Mark Maunder, founder of WordPress security firm Wordfence, wrote in a blog post published last week.

“That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

“You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again.”

At this point, the hacker’s deceiving ways come into play. The access to information is achieved upon sign-in.

“Once they have access to your account, the attacker also has full access to all your emails including sent and received at this point and may download the whole lot,” Maunder added.

“Now that they control your email address, they could also compromise a wide variety of other services that you use by using the password reset mechanism including other email accounts.”

Maunder goes on to explain how to protect yourself against attacks.

For more information, you can read his entire blog post here.



Answer “NO” if asked by callers “Can you hear me?”

​From encrypted passwords to padlocked doors, Canadians will go to extreme lengths to avoid scammers. Now it may not be safe to pick up the phone.

A new scam relies on your voice to answer a simple question: “Can you hear me now”? The scammers try to bait callers into answering “yes.”

Anti-fraud agencies say that simple acknowledgment can be used to make it sound as if you signed on for a purchase or service, and there’s a chance you could be on the hook for those charges.

“They’re trying to get a recording of you saying ‘yes,'” said Ron Mycholuk, a spokesman with the Better Business Bureau of Central and Northern Alberta.

“They’re going to take that recorded ‘yes,’ play around with that audio and make it seem to you, or a representative of a business, that you have paid for some advertising, a cruise or a big ticket item, and send you the bill.”

‘Don’t fall into the trap’