Locking Down Your Web Mail

Posted on Jun 2, 2011 in Featured, Internet

Google yesterday reported that its web-based email service, Gmail, was hacked in what it calls a “very sophisticated” attack.  The attack targeted the personal email accounts of several hundred people, including senior US government officials, political activists in China, and officials from elsewhere in Asia.  Military personnel, journalists, and seemingly random people were also targeted.

The attack worked like this: the hacker would use a phishing scam to trick users into giving away their login information.  A phishing attack often first appears as an email message from someone official (for instance, from Gmail itself) asking a user to sign back in or revalidate their credentials in some way.  It can also be a link that, once clicked, unleashes a virus on the computer.  Once the user enters his or her username and password as the message prompts, that information is sent to the hacker in China, who can then log in to the user’s email account, read and monitor all messages, change settings for email signatures and rules, and even set up forwarding of copies of emails to addresses specified by the hacker.

In worst-case scenarios, hackers with this power over email accounts can extract sensitive personal data from the victim of the attack, such as bank account information, credit card numbers, and the personal information of others in their contact lists.  Armed with credit card information, a hacker can then sell the information or use it him- or herself to make purchases in the name of the person whose details were stolen.

Other bad scenarios involve matters of homeland security, since top military and government officials from the United States were hacked.  This begs the question, however:  why on earth are senior US officials allowed to use Gmail in the first place?  Shouldn’t they be using highly secure government mail run by the White House instead?

Granted, Secretary of State Hillary Clinton said today that the accounts compromised were the personal email accounts of senior government officials — not their government accounts.  I suppose in a land of freedom and democracy, top-ranking government officials have a right to free, personal email with lots of storage just like the rest of us.  And hopefully, those people didn’t use a lot of personally identifying information while logged in to their Gmail accounts anyway.  Take Hillary, for example:  surely she wouldn’t log in as hclinton52@gmail.com and conduct sensitive government business via Google mail.  At least, we hope not.  What we hope is that the extent of her dealings with Gmail involves having a disposable address to use for signing up for Groupon.com or just staying in touch with old high school pals she doesn’t really talk to often anyway.

Nothing to write home to China about.

So, how do you protect yourself from an attempted phishing scam in Gmail?

  • First, make sure you change your settings to only use a secure login. To do this, go to Settings/General, and click the circle beside “Always Use https.”
  • If you receive an email message containing a link that asks you to verify any login information, do not click the link.  Gmail would never send you email messages asking for your username and password.
  • Also, if a link of any sort comes from anyone you do not personally know, delete the message and do not click the link.

That should help lock things down.  You can also periodically check your Gmail account activity by logging into Gmail from your browser and scrolling all the way down to the bottom of the page.  There you will find the words “last account activity” followed by a length of time and an IP address.  Then you will see a link to “details.”  By clicking on this, you will have options to log out of any and all other sessions, view IP addresses that have logged on, and change settings for receiving alerts in case of suspicious activity.

That’s how to lock it down, y’all.
