Earlier this week, a big phishing scam came to light after more than a million Google Docs users received a malicious email. While the users' contact information was leaked, Google said that no other information had been compromised. If users clicked on the attached document sent to them, then, potentially, details of their e-mail accounts, contacts and online documents were vulnerable to the hackers.
Here is some basic information on phishing and how you can avoid becoming a victim.
What is phishing?
Phishing is a technique used by hackers to get control of users' online accounts by impersonating a trusted service such as Google or Facebook. Most hackers use malicious emails or send out links which look like they have been sent by the original website. The pages are also designed to look like original websites, so users are lured easily.
How common is phishing and through which mediums does it spread?
Phishing is one of the easiest techniques for hackers to target unaware users. A report by Avast security suggests that just in the first quarter of 2016, there was a 250 percent jump in phishing attacks. Verizon enterprises also released a report analyzing 2,000 online attacks, and 300 of them were related to phishing.
Email is one of the most commonly used mediums for such attacks. Some emails carry malicious attachments that give hackers access to the account; others contain fake links to forms for changing the user's account password. The Avast report says that 93 percent of phishing emails had encryption ransomware.
How to protect yourself from phishing?
Here are a few pointers to save yourself from a phishing attack:
- Don't share your passwords with anyone.
- Check the email addresses of official-looking emails. If there are suspicious email IDs in the CC field, it is highly likely that it is a phishing email. In the Google Docs attack there was one such email address, hhhhhhhhhhhhhhhh@mailinator[.]com.
- Check the URL of the website linked in the email. Often there are minor changes, such as in the domain name, where .org might replace .com.
- Always try to know what the official email IDs of these services are.
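
The address and link checks from the list above, sketched in Python as an added example (not from the original article). The allow-list of official domains, the disposable-mail list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlsplit

# Assumed lists for illustration; maintain your own for the services you use.
OFFICIAL_DOMAINS = {"example.com"}
DISPOSABLE_DOMAINS = {"mailinator.com"}

def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # Check 1: sender and CC addresses on throwaway mail domains.
    for header in ("From", "Cc"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if addr.rpartition("@")[2].lower() in DISPOSABLE_DOMAINS:
                findings.append(f"{header} uses disposable mail domain: {addr}")
    # Check 2: links whose name matches an official domain but whose TLD differs.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        dom = registrable(urlsplit(url).hostname or "")
        if dom in OFFICIAL_DOMAINS:
            continue
        for official in sorted(OFFICIAL_DOMAINS):
            if dom.split(".")[0] == official.split(".")[0]:
                findings.append(f"link domain {dom} imitates {official}")
    return findings

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: Docs Team <noreply@example.com>
To: user@example.net
Cc: someone@mailinator.com
Subject: A document has been shared with you

Open the document: https://accounts.example.org/reset
Help pages: https://www.example.com/help
"""

if __name__ == "__main__":
    for warning in check_message(SAMPLE):
        print(warning)
```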