advertisement

Follow Mint Lounge

Latest Issue

Home > Smart Living> Innovation > How to identify and not fall for email phishing scams

How to identify and not fall for email phishing scams

Emails asking users to share their personal information or suggesting them to change their email settings can be a phishing scam. Go through the mail carefully before clicking on any link or attachment

Try to avoid emails asking for personal information, resetting password to an account linked to the email, or updating permissions. Photo: Bloomberg
Try to avoid emails asking for personal information, resetting password to an account linked to the email, or updating permissions. Photo: Bloomberg

The ‘Google Docs’ phishing attack which affected millions of users globally earlier this week (it impacted Gmail and Google Docs users) is perhaps the latest high-profile security threat affecting both smartphone and PC users. The ‘Google Docs’ phishing attack was masked as a bulk mail sent by someone known to the recipient. Those who received the mail were asked to check out a link to a Google Docs file. It landed them on a fake Google security page where they were asked to update email permissions and grant the fake docs app the permission to access their email.

By clicking on what looked like a standard mail, users ended up giving hackers control over their entire email history, attachments and contacts. With access over contact, the mail was forwarded to every user in the contact list of an infected email account. This is one of the reasons why the phishing attack infected millions of accounts in just two days time.

Google has reportedly disabled all malicious accounts and sent out updates to all Gmail users.

Hackers have been sending out emails with links to malicious websites to fool users and steal personal information from their inbox for many years now.

Here are some tricks to tackle phishing mails in the future.

Revoke access to unwanted devices and apps

First of all, if you think that your email account has been compromised to a phishing attack and someone else has access to your email, you can review the devices connected to the account by clicking on security check at here. If any of the devices which have been used to access your account in the last 28 days appear unfamiliar, you can remove the device’s access to the account. You can also revoke access to apps or services connected to your Google account at here.

Check all details in a mail

Most phishing attacks have some key identifiers. For example, in the Gmail phishing scam, one of the recipients was a user called hhhhhhhhhhhhhhhh@mailinator.com. The trick is to go through the entire mail carefully, including the names of senders and other receivers. Try to avoid emails asking for personal information, resetting password to an account linked to the email, or updating permissions.

Use filters to block harmful sites and links

Emails with embedded link often land users on a website which may look like a legitimate website. Spoofing the sender’s address to look real is also a common trick. Users can identify fake websites with malicious links in them by installing a firewall on their Wi-Fi networks or by adding an anti-virus on their device, which supports web scanning.

Next Story