Last week’s Google Docs Phishing attack, effected via Gmail, affected about 1 million users, even though Google responded to the initial report almost within one hour and patched the vulnerability. But there are still several big questions that remain unanswered in the wake of the attack, beginning with the simplest ones of all: what is a phishing attack, and why were so many people fooled into compromising their sensitive data?
The unfortunate truth behind the answers to those questions is that our education system is far behind present-day technology. For decades, our parents and teachers have been warning us not to talk to strangers or accept candy from unknown people, but can you remember learning about simple phishing attacks, password etiquette and other safety measures when you were in school? I can’t.
So, if you will allow me to ‘play teacher’ and give me a few minutes of your time, I’ll teach you a few rules that can make you more confident on the Internet, with emails and with online security in general.
Three Simple Rules to Protect Yourself from Phishing Attacks
Rule #1: If you have to blame someone, blame yourself
Don’t blame technology companies – in this case, Google, but basically every software provider whose products you use – or hackers or your Internet Service Provider for your security woes. Remember: The weakest link in the security chain is usually the user – you and I.
Our security online is primarily our responsibility, and the sooner we learn that, the better for us. Would you write your ATM card PIN number on your forehead and walk around with your ATM card sticking out of your bag or pocket? Then why in heaven’s name would you use “password” as your password? Or your date of birth, which is really easy to find? Or even your kids’ names?
Rule #2: Don’t be Paranoid, Just be Aware
You don’t have to become paranoid about security, but you do need to be more aware. That doesn’t mean being suspicious of every email that you get, but it does mean you need to watch for signs. Gmail has built-in virus scanning, alerts and attachment-blocking features for files that may be infected. Don’t ignore these warnings, and don’t dismiss the alerts without reading them.
Rule #3: If it Looks “Phishy”, Report It
I was quite surprised to learn – while reporting the Google Doc phishing attack of last week – that I didn’t know how to report a phishing email to Google! I knew there was a button to report spam, but I didn’t really know how to report phishing emails until I Googled it!
Here’s the process, in case you’re in the same position. This is from our earlier article on the Google Docs Phishing scam:
Here’s what you do:
- Open the offending email
- You’ll see a down-arrow next to reply on the top right-hand side of the email (not the page, the email)
- Click on that down-arrow, and look down that list
- Right below ‘Report spam’ you’ll see ‘Report phishing’
- Click on that, and you’re done
Here’s a screenshot to help you out:
Use this feature when you get an email from an unknown person asking for your personal details, or a suspicious email with any sort of attachment, including a Google Docs file.
Those are the three most important rules of protecting yourself from phishing attacks like the Google Docs scam that hit more than a million users in a very short amount of time.
But even more important is your knowledge.
Educate yourself by reading up on new malware types, how phishing attacks are becoming more clever by the day and other related topics. And keep abreast of security news on Google – the worst and most dangerous ones usually make an appearance there.