Google Warns This Email Means Your Gmail Is Under Attack

You do not want to get this email.
With all the cyber security attacks compromising smartphones and PCs, it would be easy to conclude there’s little you can do to stay safe. But the truth is very different. Most attacks are easily prevented with a few basic safeguards and some know-how. In reality, a number of simple changes can defend against most attacks.
So it is with the FBI’s two warnings this week. The first is a resurgence of the Phantom Hacker attacks, which trick PC users into installing rogue apps. The second is a raft of fake Chrome installs and updates, which provide initial access for ransomware. If you just avoid installing linked apps in this way, you will steer clear of those attacks.
It’s the same with a new Amazon impersonation attack that has surged 5000% in just two weeks. Don’t click links in messages — even if they seem to come from Amazon. And now Gmail attack warnings are turning up again on social media, which will likely frustrate Google, because their advice has been clear but is not yet landing with users.
The latest Gmail warnings come courtesy of a refreshed EasyDMARC article covering the “no-reply” attacks from earlier this year, hijacking “[email protected]” to trick users into clicking links and giving up their Google account sign-in credentials.
Here again the advice is very simple. It shouldn’t matter whether an email appears to come from Google. If it links to a sign-in page, it’s an attack. Period. And that means any email that seems to come from Google but has a sign-in link must be deleted.
“Sometimes,” Google warns, “hackers will copy Google’s ‘Suspicious sign-in prevented’ emails and other official Google emails to try to steal someone’s account information.”
But the company tells all account holders that “Google emails will never take you to a sign-in page. Authentic emails sent from Google to your Google Account will never ask you to sign in again to the account they were sent to.” It’s as simple as that.
Similarly, Google will never “ask you to provide your password or other sensitive information by email or through a link, call you and ask for any forms of identification, including verification codes, send you a text message directing you to a sign-in page, or send a message via text or email asking you to forward a verification code.”
With that in mind, you should not fall victim to these Google impersonation attacks, and if you stick to the basic rules on installs, links and attachments, then you’ll likely stay safe from most of the other ones as well.