Security Warning: Gmail users especially vulnerable to "phishing" efforts to steal passwords

If you ever are worried that your email has been hacked or if you have any questions, contact our team immediately at community@namati.org to explain your problem, and we’ll try to help as quickly as we can. For safety, do not transmit any passwords to us!

@indirasarma shared an article with me recently with a fairly scary warning for @namati_staff and any members using Gmail. While Google does a good job of preventing hackers and abuse via their services, there are still people out there using creative and nefarious methods to trick us into giving them our passwords. Email can be used to reset passwords across the web, including social media accounts, banking, etc, so just think of the mischief they can cause once they have your email password.

Be extremely careful about storing and sharing your passwords, use passwords that are hard to guess, and change your password from time to time. If you haven’t changed your email password recently, do it now! You won’t regret it.

This article talks about “phishing” which is the practice of tricking people into giving up their password. The method described involves sending you to a fake login form which looks identical to the Gmail login form. When you input your details there, you are giving it to the hackers.

As explained in the article, you can avoid trouble by looking in the browser address bar whenever you provide your password. For Google logins, it should look something like the below - note the green lock and https: which indicates you are entering your details into a secure and encrypted page. Also note the web address which is quite clearly accounts.google.com and not some hacker’s server. If it looks different than this, then be very careful! :slight_smile:

To read the full article, click the link below. Let me know if you have any questions at all or further insights to share. Stay safe out there! :lock: :oncoming_police_car: :cop: :cloud_lightning:

4 Likes

Thank you for sharing, @tobiaseigen!

2 Likes

IF YOU GET a Google Doc link in your inbox today, scrutinize it carefully before you click—even if it looks like it comes from someone you trust. A nasty phishing scam that impersonates a Google Docs request has swept the internet today, including a decent chunk of media companies. You’ve heard “think before you click” a million times, but it really could save you from a whole lot of hassle.

If you already clicked this type of link today (or any day), go to the Permissions page of your Google account as quickly as possible and, in this case, revoke access to the service called “Google Docs.” Again, it’s a fake. Then change your password and make sure you have two-factor authentication turned on, which you totally already did, right?

This is a really important warning about a new scam sweeping the Internet. Please heed it! @namati_staff

And a reminder: since google mail seems to be a target, please also be sure to change your password frequently and make sure it is hard to guess and different from any other password you use.

Personally, I follow the “that’s a battery staple” method from XKCD to come up with passwords.

2 Likes

Thank you for sharing this @tobiaseigen!