There has been a rash of phishing schemes lately. Phishing is when a hacker tricks you into entering your login details on a bogus website so they can capture your credentials.
For example, you may receive an email that looks like this:
*** START OF SAMPLE – DO NOT CLICK ANY LINKS ***
Hello,Check the new important document from Google Docs Click here.
Its a Good one
Thanks
Johnny
*** END OF SAMPLE – DO NOT CLICK ANY LINKS ***
When the user clicks on the link, it takes them to a page that looks like this:
Then you click on the Gmail link, for example, which opens a window that looks like this:
Then you enter your username and password, thinking nothing of it – it obviously fails. Now for the best part: it actually REDIRECTS you to a proper Google Login page, where you can log in, and it works. Since it works the second time, even though the page is completely different, you think nothing of it. But there’s no shared document…WTF? Weird, right? Most people think the sender may have made a mistake and don’t think twice about it.
Whenever you are asked to log in to a service like Google, just check the address bar. In the case of this particular phishing attempt, this was the address:
The thing to look for is what’s after the last two dots in the domain name, meaning the part of the address between the `https://` and the next slash. In this case it’s barracuda.com.ve – it’s a bogus domain name.
If you were at a proper Google Login page, it would look like this:
Notice two important things:
The ‘https’ – this means the connection is secure, and that data submitted can’t be intercepted between your computer and the website. Google uses https (SSL) on every login page everywhere. If you don’t see this, don’t log in, plain and simple. On its own, though, https only tells you the connection is encrypted, not who is on the other end, which is why the second check matters.
Secondly, notice the actual address – the complete domain name (the part between `https://` and the next slash) ENDS with google.com – this confirms that it is an actual Google page.
So, the moral of the story is: Always be wary of people sending you links to log in. Clicking the link is actually not too big of a deal; it’s what you do once you’re there that matters.
If the page you arrive at looks even mildly suspicious, just close your browser window and trash the message that contained the link.
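The same two checks can be written as a short script, which also shows the lookalike addresses that a quick glance at the address bar can miss. This is an added example, not part of the original post: the function name `checkLoginUrl` and every URL in it are constructed for illustration, and it assumes the only domain you trust for this login is google.com.

```javascript
// Added example. All URLs below are constructed samples for illustration.
const TRUSTED_DOMAIN = "google.com"; // domain the post says a real login page ends with

function checkLoginUrl(rawUrl, trustedDomain = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, same rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  // Check 1: the scheme must be https.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Check 2: the host must be the trusted domain itself or a subdomain of it.
  // url.hostname leaves out any "user@" prefix, the port and the path, so text
  // placed before an "@" or after a "/" cannot pass itself off as the host.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host === trustedDomain || host.endsWith("." + trustedDomain)) {
    return { ok: true, reason: `${host} is under ${trustedDomain}` };
  }
  return { ok: false, reason: `${host} is not under ${trustedDomain}` };
}

// Constructed sample addresses: one genuine-looking, the rest lookalikes.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",        // passes both checks
  "http://accounts.google.com/ServiceLogin",         // right host, no https
  "https://accounts.google.com.login.example/docs",  // google.com is only a prefix
  "https://notgoogle.com/ServiceLogin",              // ends in the letters, not the domain
  "https://accounts.google.com@login.example/",      // real host comes after the "@"
  "https://login.example/accounts.google.com/",      // google.com is only in the path
];

for (const sample of SAMPLES) {
  const result = checkLoginUrl(sample);
  console.log(`${result.ok ? "OK  " : "STOP"} ${sample} (${result.reason})`);
}
```

Only the first sample passes. The fourth one is why the check looks for a dot in front of google.com rather than just matching the last letters of the name.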
I hope this is helpful!