Google Security: Avoid Getting Hooked

A post on The Official Google Blog today gives a good reminder of the importance of remaining vigilant against email phishing scams.

The article highlighted the typical scenario of an email, often including a too-good-to-be-true offer, landing in your inbox and demanding an urgent response. I'm sure you all know the sort of email I mean - the one which comes from the manager of some obscure African bank who claims to have $3 million of your inheritance money.

You'd be amazed how many people still fall for these scams, but with a few sensible precautions and some common sense you needn't be one of them.

Google offered the following guidance:
  • Be careful about responding to emails that ask you for sensitive information. You should be wary of clicking on links in emails or responding to emails that are asking for things like account numbers, user names and passwords, or other personal information such as social security numbers. Most legitimate businesses will never ask for this information via email. Google doesn't.
  • Go to the site yourself, rather than clicking on links in suspicious emails. If you receive a communication asking for sensitive information but think it could be legitimate, open a new browser window and go to the organization's website as you normally would (for instance, by using a bookmark or by typing out the address of the organization's website). This will improve the chances that you're dealing with the organization's website rather than with a phisher's website, and if there's actually something you need to do, there will usually be a notification on the site. Also, if you're not sure about a request you've received, don't be afraid to contact the organization directly to ask. It takes just a few minutes to go to the organization's website, find an email address or phone number for customer support, and reach out to confirm whether the request is legitimate.
  • If you're on a site that's asking you to enter sensitive information, check for signs of anything suspicious. If you're on a site that's asking for sensitive information -- no matter how you got there -- check for the signs that it's really the official website for the organization. For example, check the URL to make sure the page is actually part of the organization's website, and not a fraudulent page on a different domain (such as or If you're on a page that should be secured (like one asking you to enter in your credit card information) look for "https" at the beginning of the URL and the padlock icon in the browser. (In Firefox and Internet Explorer 6, the padlock appears in the bottom right-hand corner, while in Internet Explorer 7 the padlock appears on the right-hand side of the address bar.) These signs aren't infallible, but they're a good place to start.
  • Be wary of the "fabulous offers" and "fantastic prizes" that you'll sometimes come across on the web. If something seems too good to be true, it probably is, and it could be a phisher trying to steal your information. Whenever you come across an offer online that requires you to share personal or other sensitive information to take advantage of it, be sure to ask lots of questions and check the site asking for your information for signs of anything suspicious.
  • Use a browser that has a phishing filter. The latest versions of most browsers - including Firefox, Internet Explorer, and Opera - include phishing filters that can help you spot potential phishing attacks.
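
The URL check from the third tip above, as an added example that is not part of the original post or of Google's guidance: a function that accepts a URL only when it uses https and its host is the expected domain or a subdomain of it. The function name, the `example.com` expected domain, and the sample URLs are constructed for illustration.

```javascript
// Added example. All names and sample URLs are constructed, not from the post.
// Decide whether rawUrl is an https page on expectedDomain (or a subdomain).
function checkSiteUrl(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser: lowercases and normalizes the host
  } catch (e) {
    return { ok: false, reason: "unparseable URL" };
  }
  // The tip says to look for "https" on pages that ask for sensitive data.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Text before "@" is login info, not the site; the real host comes after it.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const expected = expectedDomain.toLowerCase();
  // Match the whole host or a dot-separated suffix, never a bare substring:
  // "example.com.login.example.net" and "notexample.com" must both fail.
  if (host === expected || host.endsWith("." + expected)) {
    return { ok: true, reason: "host is part of " + expected };
  }
  return { ok: false, reason: "different domain" };
}

// Constructed sample URLs, run through the check against "example.com".
function classifySamples() {
  const samples = [
    "https://accounts.example.com/signin",
    "http://accounts.example.com/signin",
    "https://example.com.login.example.net/signin",
    "https://example.com@login.example.net/signin",
    "https://notexample.com/signin",
  ];
  return samples.map((u) => ({ url: u, ...checkSiteUrl(u, "example.com") }));
}

for (const r of classifySamples()) {
  console.log((r.ok ? "OK     " : "REJECT ") + r.url + "  (" + r.reason + ")");
}
```

As the guidance itself says of these signs, a passing result is a starting point rather than proof that the page is legitimate.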
