I’ve written regularly about the virtues of Gmail. While I don’t necessarily agree with all of Google’s business practices, and their acknowledged practice of suppressing certain results in their search engine is at the top of my list, I think their apps are the best thing going. I’ve been a Gmail and Chrome user for the last six years and haven’t regretted my decision once. I’m not alone, since at last look, there are 1.2 billion Gmail users around the world. As I often say, though, with such a large group utilizing a service, Gmail is a great target for cyber criminals. The latest, and one of the “best thought out”, phishing schemes involves Gmail and a text message. Today, we’ll show how you can avoid becoming a statistic.
In case you’ve forgotten, “phishing” is defined as the attempt to steal sensitive information by pretending to be a trustworthy entity on the Internet. “Phishing” is pronounced exactly the same as “fishing”, and the same dance occurs: cyber criminals throw a line in the water and see if anyone will bite. Once you’ve grabbed their lure, much like a fish, it’s all over. This scam fits the definition to a T. Here’s what happens: A potential victim will receive a text message asking if they have requested to have their Gmail password reset. The e-mail address is listed in the message. The message goes on to say that if they didn’t initiate the request, they should text STOP. Obviously, if you didn’t request this, your first impulse is to type STOP. Don’t do it! If you do, the hacker will know that they have reached a valid phone number. Once you text STOP, the hacker will send another text message, telling you to send a six-digit code to confirm the STOP request.
Why is this a big deal? Well, if these scammers receive a code that actually works, the pathway to accessing your Google-related accounts has become much shorter. Just think of the programs and information they could have at their fingertips by simply changing your password: Gmail, Google Drive, YouTube, Google Calendar, Google Play, Google Docs, Photos, etc. It’s not a big leap from there to steal your Apple ID, Facebook login, Twitter, and on and on. The possibilities are scary to think about, and the number of people who could then be reached is staggering if just one account has become available to them.
So, what can we do to stop (no pun intended) this? First of all, be aware that Google will never ask you if you don’t want to do something with your account. It’s safe to say that other web-based e-mail providers operate the same way. Next, never respond to a message from an “Unknown Number” or a phone number you don’t recognize. A text message from Google would originate from a number like 220-00, and not from a “traditional” phone number. If you do receive one of these phony phishing texts, contact Gmail’s support and let them know exactly what happened. Finally, like I always say, you are your best defense. If you know that you didn’t request that your password be changed, don’t let someone tell you that you did. Common sense is always the best way to combat these threats. Don’t be afraid, be aware.
Keep your eyes open because it’s a crazy world out there! As always, if you have any questions, Finish Line is happy to help. Don’t become a statistic, and “Don’t Let the ‘G’ Stand for ‘Gullible’”!