New Gmail Phishing Scam Puts over 5 Million Businesses at Risk
Over half of Fortune 500 companies use Google Apps in an official capacity
Over 5 Million companies use Google Apps and Email for Business
If your company’s credentials were compromised, how well could your company weather the storm?
Everyone sooner or later gets phishing email. A member of our security team got just that; a phishing email masquerading as Gmail administrators.
The email at first looks legitimate. But notice the “From” address in the upper left hand corner, and misspelling at the bottom of the fake alert. Clicking on the link takes the user to a clone of a real login page.
It then takes the user to a verification page.
Scammers are looking for email and password information. Once this is input into the fake site, the user is redirected to the actual Google site.
This scam was looking for personal credentials: username, phone number and password. It was not downloading ransomware or other malware. The stolen credentials can be given to a bot which then scans through various websites plugging in the information. If the captured login credentials happen to be reused, hackers could gain access to credit cards, bank information or electronic medical records. This is a phishing scam with prevalence in the U.S. For further information on this please see our blog at: https://layer8cybersecurity.com/isp-phishing-scam/
Users must be security conscious to avoid clever scams such as this.
- Use the reading pane to view email before opening
- Hover the cursor over the sender’s address
- Inspect all the information before opening
- Never click on an embedded link or executable
- Contact the IT or Security staff if anything looks suspicious
- Check with the legitimate organization directly to confirm there is a problem
Emphasizing good cyber hygiene may be getting a bit repetitive, but it works and helps protect the user and the organization from scams and cyber criminals like those above!
If you are interested in learning more about phishing, cyber crimes, cybersecurity and how to create a resilient business, please contact us at: firstname.lastname@example.org
BACK TO BLOGS