Gmail Phishing Messages – How to Stop Them
A Gmail Phishing Email
One of the phishing emails that entered my Gmail inbox:
Subject: Gmail security verification
We regularly verify accounts for security purposes………………………..
Verify your account by clicking the link below:
Gmail Security Manager
@2011 Google Mail. All Rights Reserved
As you can see, the phisher will try to make the e-mail look as genuine as possible by copying the format and wording of Google messages. If you don’t take a second look, you may be fooled into clicking the phishing link. The truth is that Gmail or Google never sends emails asking users to update or supply their personal details for account verification. Phishers who are good at web design will also create a web page that looks like a real Gmail sign-up page.
You can immediately spot a fake Gmail Security Team e-mail by its sender: it is often a free email address or an email address that does not belong to Google. The fake sign-up page will also have a domain or URL that is not used by Google or Gmail, for example gmailverify.com or gmailhq.com. Also avoid signing in from naked domains without the www.
When a hacker logs into your Gmail account, he or she may send messages from your account to your friends and contacts. If you are too slow to act or discover this late, your friends and contacts may also be tricked by the hacker into revealing their information. You should therefore change your password as soon as possible and notify all your contacts that your account has been hacked, and tell them to ignore any suspicious message they received, because the hacker may have sent it. You can check all the sent e-mails by looking at “Sent Emails” in your account. Your friends might also need to change their passwords.
How Not to be a Gmail Phishing Victim
When you receive any spoofing or phishing emails, you should never do what they ask you to do. Do not click the links in the email and do not reply to them. Mark the message as spam to stop any future emails from this sender. You can also report the message to Google by clicking the arrow on the right side near “Reply”, then choosing “Report Phishing”.
Any email that you receive can be authenticated by Google. To use this security feature, open the email, then click “Show Details”. You should see two headers, “mailed by” and “signed by”. The headers should read “mailed by: gmail.com” and “signed by: gmail.com” if the email has been authenticated by Google.com.
If you retrieve Gmail emails via Windows Mail, Outlook Express, Thunderbird or Outlook, you have to check the message headers for “SPF: pass” and “dkim=pass”. These acronyms stand for Sender Policy Framework and DomainKeys Identified Mail respectively.
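
The SPF and DKIM check described above can be run against a message's raw headers, and it shows why the domain that passed matters as much as the word "pass". The Python below is an added example, not code from the original article; the function name `check_auth`, the sample headers and the host `mx.example.net` are constructed for illustration, and it assumes the topmost Authentication-Results header was written by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not real mail); mx.example.net is a placeholder host.
GENUINE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@gmail.com header.s=sel1;
 spf=pass (sender IP is 203.0.113.5) smtp.mailfrom=alice@gmail.com
From: Alice <alice@gmail.com>
"""
# Passes both checks, but only for the sender's own look-alike domain.
LOOKALIKE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@gmailverify.com header.s=sel1;
 spf=pass smtp.mailfrom=bounce@gmailverify.com
From: "Gmail Security Manager" <security@gmailverify.com>
"""
# Claims gmail.com in From but fails authentication.
FORGED_FROM = """\
Authentication-Results: mx.example.net;
 dkim=none; spf=softfail smtp.mailfrom=someone@mailer.example
From: Gmail Team <security@gmail.com>
"""

def check_auth(raw, expected_domain="gmail.com"):
    """Return SPF/DKIM results and whether they vouch for expected_domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Assumption: the topmost Authentication-Results header was added by your
    # own provider; copies further down can be written by the sender.
    ar = re.sub(r"\([^)]*\)", "", msg.get("Authentication-Results", ""))
    spf = re.search(r"\bspf=(\w+)", ar)
    dkim = re.search(r"\bdkim=(\w+)", ar)
    signer = re.search(r"header\.[id]=(?:[^\s;@]*@)?([\w.-]+)", ar)
    result = {
        "from_domain": from_domain,
        "spf": spf.group(1).lower() if spf else "none",
        "dkim": dkim.group(1).lower() if dkim else "none",
        "signed_by": signer.group(1).lower() if signer else None,
    }
    # "pass" alone is not enough: the domain that passed must be the expected one.
    result["trusted"] = (result["spf"] == result["dkim"] == "pass"
                         and from_domain == result["signed_by"] == expected_domain)
    return result

if __name__ == "__main__":
    for name in ("GENUINE", "LOOKALIKE", "FORGED_FROM"):
        print(name, check_auth(globals()[name]))
```

To check a real message, save its original source from your mail client and pass the text to `check_auth`.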