Very few internet users understand the meaning of the padlock icon in their web browser’s address bar. It represents HTTPS, a security feature that authenticates websites and protects the information users submit to them. Let’s go over some user-friendly HTTPS best practices to help you surf the web safely.
Older web protocols lack data encryption. When you visit a website that doesn’t use HTTPS, everything you type or click on that website is sent across the internet in plain text. So, if your bank’s website doesn’t use the latest protocols, your login information can be intercepted by anyone with the right tools.
The second thing outdated web browsing lacks is publisher certificates. When you enter a web address into your browser, your computer uses an online directory (called DNS) to translate that text into numerical addresses (e.g., www.google.com = 220.127.116.11) then saves that information on your computer so it doesn’t need to check the online directory every time you visit a known website.
The problem is, if your computer is hacked it could be tricked into directing www.google.com to 18.104.22.168, even if that’s a malicious website. Oftentimes, this strategy is implemented to send users to sites that look exactly like what they expected, but are actually false-front sites designed to trick you into providing your credentials.
HTTPS created a new ecosystem of certificates that are issued by the online directories mentioned earlier. These certificates make it impossible for you to be redirected to a false-front website.
Most people hop from site to site too quickly to check each one for padlocks and certificates. Unfortunately, HTTPS is way too important to ignore. Here are a few things to consider when browsing:
Avoiding sites that don’t use the HTTPS protocol is just one of many things you need to do to stay safe when browsing the internet. When you’re ready for IT support that handles the finer points of cybersecurity like safe web browsing and preventing trick DNS addresses, give our office a call.
Phishing scams are nothing new in the security industry. Typically, they involve a poorly written email that points you to an awful clone site of Paypal or eBay. For most of these scams, you can't help but to notice the warning signs. However, the new Google Drive phishing scam is much more deceptive.
Here's how this new phishing scam works. You'll first receive an email with a subject line such as "Documents." In the body of the email, you'll be asked to open an important document linked from drive.google.com. When you click this link, Google Drive will ask you to log in. Not only will the login form look identical to the real one, but the domain will look correct as well.
For many phishing scams, the domain of the web page is often a giveaway. For instance, the page will claim to be the Paypal login, but the URL will not be from Paypal. However, the new Google Drive phishing scam removes this red flag. The address will say 'Google.com.' That's because the official-looking login page is actually a preview page for a folder stored on Google Drive.
Thinking the page is safe, you'll enter your login credentials. The information is sent to a PHP form processing page on the hacker's domain. The processing page records your information and sends it to the hacker.
When it's over, you're shown an actual document to reduce the chance that you'll realize what happened. However, at this point, your Google account is compromised, and scammers can now log in and use your email or any other Google services linked to your account.
Google accounts are the primary target for phishing scammers. Scammers use your Gmail account to spam their phishing link to your contacts. Since your contacts recognize your email, they will more likely fall victim to the scam. Scammers can also read any important documents or information stored in your email account.
Stealing Google accounts is more than just email, though. Scammers can gain access to Google Play music. They can access your Google Wallet. They can generate the HTML file needed to verify your website in Webmaster Tools, which exposes your website's reporting data. They can affect your Adwords campaigns or view your Adsense data. They can even spam a phishing link using your G+ profile.
Some of these consequences seem minor, but users who integrate Google into their lives store a lot of sensitive information in these accounts. The level of consequences is dependent on the hacker's creativity and the amount of information exposed.
In general, don't open links from unfamiliar email addresses. Even if you know the sender, be suspicious of links to Google Drive that you were not expecting.
If you think you've been scammed, the first step is to change your Google account password. Then, log in to Gmail and scroll down to the bottom of the page. Click "Details" under the "Last Account Activity" text. Click "Sign out all other sessions" to lock out hackers who are currently logged in to your account.
Google also offers two-step verification. Two-step verification sends a pin number to your phone when you log in from a computer that isn't your personal one. This security process stops hackers from ever signing in to your account, even if they have your password.
A hacker's goal is to bypass security red flags and firewalls. This scam creatively hides any warning signs that would normally help people from avoiding it. If you think you've received one of these phishing emails, send it to the trash or report it to Google.
Contact Sensible about our Employee Security Awareness Training program. This self-paced program teaches your staff on how to identify email phishing and scams.
Google has issued a statement indicating "We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password."
Based on Google's statement the issue appears solved, however we have continued to find reports of the exploit indicating that it may still be ongoing.