Cyber “Hoot” Wednesday: Avoiding Phishing Attacks

How Phishing Attacks Work

An easy example of how phishing attacks work is to take a look at a case that has already happened; a phishing attack utilizing Google Docs hit numerous Gmail accounts about a year ago. The phishing email was sent from compromised Google accounts to other Google accounts for approximately three hours, after which Google intervened directly and stopped all such emails. The email contained an invitation to a Google Doc, and if clicked, the link took users to a fake App that asked for permission to access the user’s Gmail account. The phishing email was convincing enough to have fooled some Google users into giving permission.

What Damage may have Occurred?

The primary damage could be significant or benign depending whether your Gmail account was logged into by the attackers.  The main attack then automatically resent the same attack to all your Gmail contacts (secondary damage being social embarrassment from being phished). However, there was a small potential that the attackers may have logged you’re your compromised Gmail account to study your emails, reset other online account passwords, or change account recovery options on your Gmail account!  There was no known malware in this attack, which infected recipient computers.

What to do if you were (or think you may have been) compromised in this attack?

Google acted very quickly to reports of this phishing attack, stopping all related emails within 3 hours of the outset of the attack.  If you think you may have been compromised here are six steps to take as soon as possible (Google recommendations):

1. Go to your Google account management page.
2. If you see an app called Google Docs, click on it to opt to revoke permission for the app to access your account.
3. Then change your password [to something unique], just to be safe.
4. Enable two-factor authentication on your account as an extra precaution. Two-factor authentication is the option to text a code to a phone number on file for your account so only a person with both your password and your cellphone can access your account. If you are unfamiliar with topic, check out our article on Two-Factor Authentication.

CyberHoot’s Additional Recommendations:

1. Check your account recovery options to validate hackers did not change those to re-access your account once you changed your password.
2. Immediately change passwords at sites using the same username/password as used on your Gmail account.

CyberHoot knows that in the absence of a password manager, people reuse passwords throughout their online accounts!  If your Gmail account was compromised by this attack, hackers might be trying to log into other accounts you have even after you removed the hackers access to your Gmail account.  One of our favorite password managers – LastPass – once populated up with your online accounts, will tell you which accounts reuse your Gmail credentials.  Change those to unique passwords to eliminate this cybersecurity risk now and in the future. If you would like more information on this topic, check out our article on Passwords, Passphrases, and Password Managers.

Event Summary:

This was a simple but highly convincing phishing campaign designed to steal Gmail account credentials.  Before clicking or opening anything always be sure to answer these questions affirmatively:

1)      Was I expecting this email?

2)       Was this email…

• Addressed to me directly by name?
• From someone I know?
• Is the sending email address 100% correct?  (watch for slight variants like g00gle.com)

3)       Is the grammar, spelling, email construction correct?

4)       Does my gut tell me there is absolutely nothing wrong with the email.

If you answer NO to any of those, pick up the phone and call the sender to confirm they sent the message to you on purpose; otherwise, delete the message.

Stay safe online!

Editors Note: There is an article we wrote, Domino Breaches: Get Ahead of this Breach ASAP to stop the Falling Dominos. This article on phishing details another variant of attack similar to the Domino attack article published just over a month ago. Similar attacks have been made against Microsoft’s O365 users. No-one is truly safe online today without adopting the technical protections outlined in this article. Be safe online and remember, “Knowledge is Power!”.

Author, Craig, Co-Founder – CyberHoot

Editor, Ty Mezquita, Blogger/Social Media – Cyberhoot