Category: Gmail Security

Sep 29

Disadvantages of Phone Verification for Gmail Login – How to Disable 2 Step Verification

Disadvantages of Enabling Phone Verification for Gmail Login 

Gmail 2 Factor Authentication, a security system that protects your Gmail account from being hijacked by requesting phone verification, has advantages that many of you are aware of. The main advantage of phone verification is that even if somebody steals your password, they won’t be able to log in and access your account. The second layer of protection offered by 2 Factor Authentication will ask the hacker to verify their identity using a mobile number that belongs to the owner. Since all mobile phone numbers are unique, and the hacker doesn’t have access to your phone, they will be blocked.

However, enabling phone verification is only good when you are not a cross-border traveller. If you don’t travel much outside of your country, you will be able to use 2 Factor Authentication to log into your Gmail account.
The problem with using Two-Factor Authentication outside of your country is that you will be blocked from signing into your account, even if you are the owner of that account. Gmail will automatically detect a suspicious login if you are visiting a foreign country, blocking your password and requesting phone verification. This is frustrating, especially if you don’t have a second number enabled for that location. So what is the solution to this problem?

Disable Phone Verification When You Are Travelling

To prevent being locked out of your Gmail account when you are crossing borders, you have to disable phone verification while you are in the verified country of origin. To turn off 2 Step verification, log into your account and follow these steps:

My Account

1. In your Gmail account, click the “Google Apps” icon. This multi-square icon is located on the top right, next to your Google Profile icon.
2. Click “My Account” in the drop down menu.
3. On the resulting page, click “Sign-in & Security”.


4. On the “Sign-in & Security” page, scroll down until you see “2-Step Verification”. If it’s ON, turn it OFF.


5. Before you turn it off, you will be required to log into your account again. Log in with your usual password and follow instructions.

Jan 14

Gmail Scam – Fake Phishing Messages about Your Google Account

Gmail scams where the scammer sends fake phishing messages are not new. While a basic Gmail phishing message is easily identifiable, some more sophisticated messages are subtle and cleverly disguised, making them hard to catch. However, whatever the level of sophistication, there are common characteristics between these fake emails – the goal is to steal your login info and ultimately get access to your bank account or credit card.
One type of email phishing scam that is doing the rounds, which you should watch out for, is an email that comes into your inbox, purporting to be Google. As you might know, it is much easier to open an email from a trusted brand and click the link without a second thought. On the other hand, when the email is coming from an unknown website or vendor, your red flags will be triggered.
The latest scam as reported by KiviTV includes convincing legitimate-looking messages which look exactly like Google email formats. In one email, the scammer informs you about your Gmail account which has exceeded the allowed storage quota. In another variation of this scam, the message might be different, telling you that your email has been delayed or deferred. The goal of this trick is to scare you into taking immediate action to restore your Gmail service. You will click the link in panic, but alas, the link will take you to a malware site or download viruses on your computer.
A bit of common sense, like checking the amount of free space left in your email account, might save you from this phishing attack. But since the messages look so real and convincing, you will be tempted to click the link, and most people have little time for investigations.
How to Identify Fake Phishing Messages
By doing a little investigation before you click a link inside a Gmail message, you can save yourself from phishing attacks:
          Check where the mail is coming from. The dumb scammer will use a clearly fake email domain, the sophisticated scammer may cloak or disguise the fake domain, and the advanced scammer will use a genuine google.com domain to trick you.
          To reveal fake domains that are hidden by hyperlinks in the message body, hover your mouse over the hyperlink or URL to see the true domain. The hyperlink will say google.com but the true domain will be something different, e.g. googlesupportheadquarters.com



Fake URL – Hover Your Mouse Over Link To See True Destination





Genuine URL – Hover To See True Destination



          Compare the email with a real Google email; you might notice some small differences between their design and formatting.
          Grammar errors and typos are common giveaways for scam emails.
          USB Security Key: This is a surefire way of protecting yourself against phishing messages and fake websites.

Jan 12

Sophisticated Google Docs Phishing Scam Uncovered By Symantec

A Gmail Phishing Scam That You Cannot Escape
So one of the basic rules in identifying a Gmail phishing message is to check the email domain, the name at which the email is hosted. You can do this by opening the message and reading the sender’s email address at the top left corner of your message, the [from:] field. As you can see in the screenshot below, the mail is coming from the authentic Gmail Team address mail-noreply@google.com. If you see a misspelled domain or any email domain that tries to imitate Google, for example @go0gle.com, @googleteam.com, @googgle.com and many other variations, then you should know that it’s a fake domain.

Authentic Google Email Domain
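
The sender-domain check described above, as an added example that is not part of the original post: it classifies a From header against google.com and catches the three imitation styles the post lists (digit swaps, extra letters, brand name plus extra words). The label names, the trusted set and the digit-folding table are assumptions made for illustration.

```python
from email.utils import parseaddr

TRUSTED = {"google.com"}                 # assumption: the only domain treated as genuine
HOMOGLYPHS = str.maketrans("01", "ol")   # assumption: fold common digit-for-letter swaps


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return 'match', 'lookalike', 'unrelated' or 'unparseable'."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "unparseable"
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return "match"
    folded = domain.translate(HOMOGLYPHS)
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Digit swap (go0gle), one-letter typo (googgle), or brand plus extras (googleteam).
        if folded == good or edit_distance(folded, good) <= 1 or brand in folded:
            return "lookalike"
    return "unrelated"
```

A `match` result only means the From header names google.com; it is one sign among several, not proof that the message is genuine.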

However, as revealed by Symantec, scammers are getting more sophisticated and clever. They have devised a new phishing trick that makes use of an authentic domain name used by Google and Gmail. What does this mean? It means you should be more wary: do not rely on one sign to identify a fake phishing email. Look for many tell-tale signs. In this case, most people would easily be tricked into signing in on a fake page because the domain is authentic.

The scammer who devised this trick definitely knows that many people will log into a fake page if the URL or domain is real. Besides using an authentic Google domain which makes use of a secure SSL certificate, this smart scammer created an authentic-looking Google Drive login page. Here is how the system works:
Inside Google Drive, which is a cloud server, the scammer created a public folder to host a fake Google login page. Google Drive files can be shared as a link and they can be opened online via Google Docs to view them. The scammer then inserted the links in Gmail messages, along with a message asking the recipient to open an “important” document. On clicking the link, the recipient will be directed to a fake Google Drive login page. All the while, the recipient will see an authentic Google URL, so there is no reason to doubt the authenticity of the page. Also, if you are a regular user of secure websites, being asked to sign in again is not a new thing. It is not a surprise therefore that most Gmail users will think that being required to log in and out of your account is a security measure that Gmail takes to protect your account.
Once you sign in on the fake page, your login details will be captured and sent to an external server hosted by the scammer. What makes this scam sophisticated is that it doesn’t leave you with a feeling that something is wrong. It’s a smooth operator: after clicking the sign-in button, you will be redirected to the Google Docs document that was promised in the email.

Google Drive Login Phishing Page That Looks Real

So How Do You Protect Yourself?
We said one of the rules for identifying a fake phishing page is checking the domain name. However, what if you are hit by a scam that makes use of an authentic domain or URL as demonstrated by the scam above? Anyone can be a victim of this scam, and above all, you will be a victim without knowing it. Here are ways to protect yourself from this scam:
          Use a FIDO U2F USB security key. This USB key can identify phishing pages.

          Enable 2 Step Verification. It will not stop your password from being stolen but it adds an extra layer of protection (mobile phone verification) to stop hackers from accessing your Gmail account.