Jul
1
Image via CrunchBase
First Google rolls out Google+, then redesigns Google Calendar, and now it’s fiddling around with Gmail.
Hidden in the Themes section of the interface and named “Preview” and “Preview (dense),” the clean look is more spread out than the classic Gmail interface, basking in white space that makes it easier to read.
Jun
21
Image via Wikipedia
Are you an Outlook user? Have you received a message telling you that your account needs to be reconfigured, and requesting that you enter your username and password?
Here’s an email message that we have seen sent out to internet users:
Jun
7
Image via Wikipedia
The Gmail database is not congested, and Google is not asking users to confirm that their accounts are still active.
But, it seems that scammers are hoping that you might believe that’s true, according to one of the latest phishing attacks that has been spammed across the net.
Here’s what a typical email looks like:
Subject: De-Activation Alert!
Message body:
Dear Gmail Account User,Due to the congestion in our Gmail database, We will be shutting down all unused accounts before on the 30th of June. You will have to re-confirm your account as soon as possible to enable us upgrade your account before the deadline date.
To confirm your account kindly fill the account verification form.After Following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request.
[LINK]We apologize for any inconvenience.
Thanks & Regards,
Engineer.J.Williams
Upgrade Team Controller
As the link does point to a webpage hosted somewhere on Google.com, some computer users may believe that the form they are being directed to must be genuine. However, it is actually pointing to a spreadsheet on Google Docs – pages which can be created by any Tom, Dick or Harry.
And, in this case, a “Google account verification form” is attempting to trick you into handing over personal information – such as your name, full date of birth and password.
The eagle-eyed might spot the spelling mistake in the form (“confrim” rather than “confirm”) but you can hardly rely on the phishers making errors like that as a way of protecting yourself.
Well, they hope that potential victims will believe it’s a genuine Google resource as it is hosted at an authentic Google URL, and that rudimentary security software won’t feel comfortable blocking the entire google.com domain. (Of course, good security software is smarter than this).
Users shouldn’t forget that a site like Gmail knows if you have been using it recently or not – because every time you log in or send an email a record is kept somewhere inside the Googleplex.
Not that Google is likely to run out of any storage space or plan to shut down any dormant email accounts any time soon by my reckoning..
Source :- http://nakedsecurity.sophos.com
Jun
4
Image via CrunchBase
Original Post From Sophos . Author -Graham Cluley
We’ve seen some messages being spread on Facebook in the last day or so, claiming to link to a video of Barack Obama. Most of them appear to have been cleaned up by now (presumably by Facebook Security) but there are still some remnants lying around.
Here’s a typical message:
hello have you seen this recent video on the president? What is he doing in it?! LOL
or
What's the president doing in this video. OMG LOL!
Some versions of the message give away that the link will ultimately take you to a website ending with .co.cc. Almost all of the links we see in SophosLabs which end with “.co.cc” contain “bad stuff”. Perhaps it would be simplest if everyone simply avoided .co.cc links (and close cousins such as .cz.cc) as they are tainted by association.
And what sort of name is hzjqorbbmdnf anyway?
Regardless of the dodgy-looking nature of the link – what happens if you click on it?
Well, you will be redirected to what appears on first glance to be a Facebook login page. However, in reality, it’s a phishing page designed to steal email addresses and passwords from users who are so keen to see a video of their president that they’ll type in their credentials without thinking.
Here’s the fake login page:
And here’s Facebook’s genuine login page:
Did you spot all the differences?
Here’s the ones I found – well done if you spotted even more!
Starting at the very top -
1. The genuine login page calls itself “Log in” in its title bar. Amusingly, the real Facebook is inconsistent as to whether you “Log in” or “Login” to Facebook as later in the page it refers to “Facebook Login”. It’s odd to see a phishing page be more professional than the real thing.
2. That’s clearly not Facebook’s genuine URL. Interestingly, other pages on the domain contain clickjacking scams.
3. The real page gives me more language options – including UK English and Welsh which aren’t available on the phishing page. It’s possible that the real Facebook is doing some GEO-IP lookups and determined that I’m visiting from the UK – maybe users in other countries don’t see those options.
4. The phishers have the copyright date incorrect, believing it to be 2010 rather than 2011.
5. There are many more link options made available to me in the footer of the real login page, including “Badges”, “Mobile”, “People”, etc.
There’s bound to be more differences than the ones I spotted though. So, leave a comment below if you find any more.
If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.
Update: Wow! I can always rely on the eagle-eyed Naked Security readers who spotted some other differences.
Jun
3
Image via CrunchBase
Original Post from Sophos. Author – Graham Cluley
As has been widely reported, high profile users of Gmail – including US government officials, reporters and political activists – have had their email accounts hacked.
This wasn’t a sophisticated attack against Google’s systems, but rather a cleverly-crafted HTML email which pointed to a Gmail phishing page.
Victims would believe that they had been sent an attachment, click on the link, and be greeted by what appeared to be Gmail’s login screen. Before you knew it, your Gmail username and password could be in the hands of unauthorised parties.
So, what steps should you take to reduce the chances of your Gmail account being hacked?
1. Set up Two step verification
Google provides a facility called “two step verification” to Gmail users, which provides that extra layer of security. It requires you to be able to access your mobile phone when you sign into your email account – as they will be sending you a magic “verification” number via SMS.
The advantage of this approach – which is similar to that done by many online banks – is that even if cybercriminals manage to steal your username and password, they won’t know what your magic number is because they don’t have your phone.
Google has made two step verification easy to set up.
Once you’re set up, the next time you try to log into Gmail you’ll be asked for your magic number after entering your username and password. Your mobile phone should receive an SMS text message from Google containing your verification number.
Let’s just hope the bad guys don’t have access to your mobile phone too..
Here’s a video from Google where they explain two step verification in greater detail:
You can also learn more about two step verification on Google’s website.
By the way, note that two step verification doesn’t mean that your Gmail can’t ever be snooped on by remote hackers. They could, for instance, install spyware onto your computer which could monitor everything that appears on your screen. But it’s certainly a good additional level of security for your Gmail account, and one which will make life much more difficult for any cybercriminal who might be targeting you.
2. Check if your Gmail messages are being forwarded without your permission
Gmail gives you the ability to forward your emails to another email address. There are situations where this might be handy, of course, but it can also be used by hackers to secretly read the messages you receive.
Go into your Gmail account settings, and select the “Forwarding and POP/IMAP” tab.
If your emails are being forwarded to another address, then you will see something like the following:
That’s fine if you authorised for your emails to be forwarded to that email address, but a bad thing if you didn’t.
If your messages are not being forwarded you will see a screen more like this:
Hackers want to break into your account not just to see what email you’ve received up until their break-in. Ideally, they would like to have ongoing access to your email, even if you change your password or enable two step verification. That’s why it’s so important to check that no-one has sneakily asked for all of your email to be forwarded to them.
3. Where is your Gmail account being accessed from?
At the bottom of each webpage on Gmail, you’ll see some small print which describes your last account activity. This is available to help you spy if someone has been accessing your account at unusual times of day (for instance, when you haven’t been using your computer) or from a different location.
Clicking on the “Details” option will take you to a webpage describing the type of access and the IP address of the computer which logged your email account. Although some of this data may appear nerdy, it can be a helpful heads-up – especially if you spot a computer from another country has been accessing your email.
4. Choose a unique, hard-to-crack password
As we’ve explained before, you should never use the same username and password on multiple websites. It’s like having a skeleton key which opens every door – if they grab your password in one place they can try it in many other places.
Also, you should ensure that your password is not a dictionary word, and is suitably complex that it’s hard to break with a dictionary attack.
Here’s a video which explains how to choose a strong password, which is easy to remember but still hard to crack:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Don’t delay, be sensible and make your passwords more secure today
And once you’ve chosen a safer password – keep it safe! That means, don’t share it with anyone else and be very careful that you’re typing it into the real Gmail login screen, not a phishing site.
You always want to be certain that your computer is in a decent state of health before you log into a sensitive online account, such as your email or bank account. That’s one of the reasons why I would always be very nervous about using a computer in a cybercafe or hotel lobby. You simply don’t know what state the computer is in, and who might have been using it before.
6. Why are you using Gmail anyway?
Okay, I don’t really mean that. But I do mean, why are you storing sensitive information in your Gmail account?
The news headlines claim that senior US political and military officials were being targeted by the hackers. Surely if they had confidential or sensitive data they shouldn’t have that in their webmail account? Shouldn’t that be on secure government and military systems instead?
Always think about the data you might be putting on your web email account – because if it’s only protected by a username and password that may actually be less security than your regular work email system provides.
Jun
2
Image via CrunchBase
Google has posted to their blog information about a targeted attack against the personal Gmail accounts of US government officials, political activists, military personnel and journalists.
Mila from contagioblog provides much more detailed information about the attacks. The messages appear to be handcrafted and spoofed to seem to be from governmental colleagues of many of the victims.
Mila wrote about these attacks in February, but the big news is Google sharing this information publicly. Most organizations prefer to keep security problems to themselves and maintain the illusion that their services are perfectly secure.
While this attack is not specifically a problem with Gmail, it is a widespread security weakness in many cloud services. Google sharing information with the public about how these attacks are executed helps all of us learn from these situations and build better systems.
Google gives some good advice in their post, although it seems strange that they feel the need to push Google Chrome as a solution to all security problems…
If you are ever presented with a login screen in your browser and you didn’t type in the address of the site you are trying to visit, close the window. Only enter your password into pages where you entered in the URL.
Source :- http://nakedsecurity.sophos.com/
