How Spam Emails Can Be Used to Steal Your Gmail Password

spam steal gmail password

Having a strong, unique password is not always enough to protect your Gmail account against cybercriminals. The research shows you cannot always rely on Two-Factor authentication either, so you may wonder what it takes to keep email secure. The answer is: staying alert. Last year, Google carried out research that revealed most accounts get compromised because of phishing scams. Phishing is a form of social engineering, which means cybercriminals do not need to steal any passwords. Instead, they only need to convince their victims to reveal such sensitive data themselves. Therefore, it seems to us, knowing hackers' tactics or in other words understanding how they might trick you is the best way to stay safe. Consequently, in this blog post, we will present a couple of examples of Google phishing attacks that happened in recent years and provide you with other useful information, which should help you keep your account secure.

What are phishing attacks and how do they work?

A phishing scam is an attempt to make the user reveal his sensitive information without even realizing it. Usually, scammers pretend to represent some reputable company, for example, a bank institution or targeted victim's email provider. Mostly, it depends on what information the hackers wish to obtain. Next, the cybercriminals need to come up with a reason why the user should provide their sensitive data. For instance, in banking scams, hackers often claim the user's account was compromised, and he needs to submit his login information to verify his identity and protect the funds in it.

Examples of Google phishing attacks

A few years back cybercriminals were able to hijack some email accounts by sending potential victims phishing messages to their mobile phones. This phishing scam affected not only Gmail but also Hotmail and Yahoo users. Apparently, to be able to initiate it the hackers first had to learn the victim's email address and his telephone number. Next, they would ask Google to reset the targeted account's password by pretending to be its owner. To bypass Two-factor authentication, the cybercriminals sent their victims text messages claiming the user's email account might be hijacked and he needs to respond with his verification code. Unfortunately, some users fell for it and revealed the verification codes that Google sent to reset the password.

Moreover, a year ago some hackers managed to gain full control over users' Gmail accounts by tricking them into installing a fake Google Docs application and allowing it to access their emails. The scam was reported by a Reddit user who almost fell for it. It would seem what stopped him from accidentally giving his account away to cybercriminals was the fake Google Docs application's publisher, which appeared to be some random Gmail account. According to the Google's official statement, published in the mentioned Reddit post, this phishing scam affected less than 0.1 percent of Gmail users because the company took immediate action and its team was able to stop the attack in only one hour.

There were also recent reports about a Google phishing attack during which cybercriminals supposedly used hijacked accounts to send spam messages. The suspicions started after some users noticed spam messages in their Sent emails folders. Naturally, people started freaking out after seeing messages they did not write themselves and realizing changing the account's password did not work created even more panic. Fortunately, it appeared to be none of the accounts were compromised and the spam emails ended up on users' Sent folders because of Gmail's database glitch that made the system place spam messages in a wrong folder. The only hope is the confusion brought not only stress but also more awareness on phishing scams and how to act if you believe your account is compromised.

How to recognize Google phishing attacks and how to react to them?

As we mentioned, in the beginning, the key is staying alert. Never forget that your passwords, authentication codes, or other data alike is supposed to be secret and even the account's providers should never ask for it. Thus, if you receive an email, a text message, a phone call, or a pop-up advertisement asking you to provide any sensitive information related to your Google account or even hurrying you to do so, you should realize something is not right. Instead of handing in any information you should question whether the request is legitimate even if the website asking for your data looks authentic. Sadly, cybercriminals can create convincing copies of Gmail login page or Google text messages, so identifying fake content might not be easy. For more tips, you could continue reading our blog post called How to Spot and Avoid Phishing Scams. What's more, if you identify a phishing attack you should report it to Google at once so it could be stopped as fast as possible.

How is Google planning to prevent phishing attacks?

The company works hard to protect users' accounts from phishing scams, and it looks like they may have found a perfect solution. A few years ago, Google employees were given USB security keys, and since then no one from the staff fell victim to a phishing scam. It is often said Two-Factor authentication can secure the system because it allows logging into a particular account when presenting something only the user has. Unfortunately, the Google phishing attack example we mentioned earlier, in which scammers tricked users into sharing their security codes with fake text messages, proves there are exceptions. On the other hand, a physical key you would need to plug into your computer's USB port, could not be obtained this way. The idea sounds promising, and it is already supported not only by Google, but also Facebook, Dropbox, and other companies.

To conclude, we do not say using a strong password or enabling Two-Factor authentication could be useless. These measures may protect your account in cases when someone might try to hack it, but when it comes to phishing, you are the only one who can protect your privacy.

By Foley
September 7, 2018
Password Security
English
September 7, 2018
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

How To

How to Recover a Forgotten Gmail Password

When you're signing up for a new Google account, the form asks you for a fair amount of information, including a secondary email address and a phone number. These fields are optional and some users leave them empty... Read more

March 15, 2018
How To

How to See My Gmail Password Once I Am Logged In

So you've forgotten your Gmail password for whatever reason – maybe you misplaced it, or it was too complex to remember, or you just have too many other passwords to remember, and now it has slipped your mind. Still,... Read more

September 5, 2018
How To

How to Quickly Switch Between Different Gmail Accounts in Any Browser Using Cyclonis Password Manager?

In a perfect world, all of us would have just one Gmail account for everything, and it would be more than enough. But you've probably just snorted reading this line because, what are the chances, right? It is more... Read more

August 8, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.