Gmail Insecurity. As if Gmail users haven't had enough with the regular concerns over their personal information, another security threat has emerged as Gmail password hack. Anyone on Gmail accepts the fact that every email, and the metadata that envelopes it, is scanned, stored and then either shared, stolen or sold for profit. The last thing a user needs is to lose more of their identity, but that's exactly what this new attack is designed to do. In this post we will tell what to look for, how to prevent the hack, what your options are, and how to take pre-emptive precautions that eliminates this type of risk in the future.
The goal of the attack is to steal your Gmail password. With your password, criminals will have complete access to your Gmail account, YouTube account, Google+ account, Google Search History, and any other Google services you use. Once the hackers have gained access, they will scan your information and mine it for all you have. From there, they will most likely find their way into your bank and online shopping accounts. Finally, they will find a path to your FaceBook and LinkedIn accounts, and start to use your identity and information to do the same thing to your friends, family and business networks. Had enough? This post will help, please read on.
The most effective scams in cyber-crime include those that use "social engineering" to gain access to your information. Due to the national epidemic we call "digital passivity" (actually we stole it from Jason Lanier in his New York Times editorial, click for this must-read article) vast quantities of information about you are now available easily and inexpensively, to anyone and everyone. This information is then "engineered" to manipulate you with highest probabilities of success. With vast pools of information and powerful big-data software, its easy to create an attack that targets millions at once, all in a highly personalized, and individual manner that significantly increases a cyber-crime campaign's rate of success.
Socially-engineered attacks are a favorite of the most sophisticated and relentless criminal organizations in the world. A single, successful attack can be more profitable than most modern crimes today. In fact, a single attack can be so profitable it can mean enough money to provide many criminals for the rest of their lives. For modern criminals, cyber-crime using social-engineering can be the best retirement plan they will ever see. They know the next 18 to 36 months is their window of opportunity, and your season of vulnerability. And they are "all-in".
The next 18-36 months are open-season for the most sophisticated criminal cartels in the world;
|
Traditional Crime |
Cyber Crime |
|
|
As much as you can take with you. | Unlimited and immediately portable. |
|
Injury or mortality. | Eye strain. |
|
Decades of hard time in prison. | A job offer by the NSA. |
|
Very hard to carry out without error. | Average difficulty. |
|
Limited to location. | Everywhere at once. |
|
Car, bandito mask, disguise, hide-out. | Anonymous. "Off" switch. |
One of the methods by which criminal hackers use social-engineering is "spear-phishing". "Phishing" is a term used to describe broad attempts at social-engineering, as in fishing with a net. You've seen the early examples like emails about winning the Nigerian lottery, or a long-lost uncle who's estate is trying to find you so they can disgorge the fantastic wealth he always anted you to have. The newly socially-engineered attacks are much more personal and though done in mass, very individualized in nature. Thus, the term "spear-phishing", as the attack is precisely aimed at you.
The latest attack spear-phishes Gmail users by using information that will be familiar looking and trustworthy. Long gone are the clumsy attempts of the past. In this attack you can expect an email that will look and feel as if it belongs to you, is meant for you (and, it is!) and is part of your relationship with Google, whatever that may be. One of the latest versions is a notice about an increase in storage allotment. It may refer to your account and include details that are meaningful to only you. It takes each and every user of Gmail to maintain an optimal state of vigilance and paranoia, to protect themselves from this attack by examining for spelling errors, awkward grammar and illegitimate domain name provenance. When in doubt, DELETE!
The "public" email system in North America is terribly broken and has become a twisted version of what it was originally meant to be. That's not what this post is about but for real answers and long-term solutions you can use, go here;
So, the immediate advice is to talk to those around you, especially your family and co-workers that use Gmail, and be sure they know what spear-phishing is, and how to spot it. It's a moving target, this business of cyber-risk, but awareness and information are key to survival, and maintaining control over your digital lives.
Privatize your Email, Data Storage and Internet Technology, at your Home and Business.
Finally, for a long-term and sustainable solution, consider "privatizing" your email and Internet technology. Also, understand the importance of data location and portability. We talk about this, offshore email and data, and a lot more in our free report, "The Benefits of Privatizing Your Email and Data Storage Using Offshore Hosting".
Get your free report here;
Thanks for reading,
Total Digital Security
