Google issues warning about phishing e-mails
Official Google Blog posting, which is one in a series on online security, also offers ways to avoid such attacks.
Google is warning people about the dangers of phishing e-mails that ask for sensitive information and appear to come from a legitimate trusted source, like your bank, but are really scams to steal your data.
You would think that with all the publicity phishing attacks have had over the years there wouldn't need to be a public education campaign. But so many people still get lured by these spam e-mails every day that the warning is merited.
"Millions of people have gotten 'urgent' e-mails asking them to take immediate action to prevent some impending disaster. 'Our bank has a new security system. Update your information now or you won't be able to access your account,' or 'We couldn't verify your information; click here to update your account,'" Ian Fette of Google's Security Team wrote in a posting on Tuesday on the Official Google Blog. The post, titled "How to avoid getting hooked," is one in a series on online security.
"People who click on the links in these e-mails may see a Web page that looks like a legitimate site they've visited before. Because the page looks familiar, these people enter their username, password, or other private information on the site," Fette writes. "What they've actually done is given an unknown third party all the information needed to hijack their account, steal their money, or open up new lines of credit in their name. They just fell for a phishing attack."
According to the posting, here are some things to remember: Be wary of responding to e-mails or clicking on links that ask for information, particularly because legitimate businesses don't ask for that type of data via e-mail. Type in the purported organization's Web address in a browser rather than clicking on the link. Double check that the URL looks legitimate if you are already on the site. Be wary of promises of "fantastic prizes" and other too-good-to-be-true offers, and use an updated browser with a phishing filter.