Warning: viral Gmail, YouTube alerts spreading via email

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

By Bob Sul­li­van, ThirdCertainty

I’ve received a cou­ple of trou­bling emails recent­ly that made their way into my inbox. They were well-draft­ed attacks designed to con­vince me that my Gmail or YouTube account were about to be delet­ed unless I clicked a link right away.

Of course, words like “warn­ing” or “instant” should always give you pause — crim­i­nals try to get you off your game by cre­at­ing a false sense of urgency. I could see some­one falling for this tech­nique, so I’m call­ing it out.

One mes­sage read: “Your account is sched­uled for ter­mi­na­tion. Acti­vate now to stay con­nect. Google team.”

The bad gram­mar is a tipoff. Anoth­er is some­thing you might not notice unless you look care­ful­ly at the “from” line. It says “Gooqle Set­ting,” with a “q” where a “g” should be.

Clever, those crim­i­nals. That’s prob­a­bly part of the rea­son it wasn’t stopped by Google spam fil­ters. Of course, click­ing on the link doesn’t bring you to a Google web­site. So delete this one immediately.

Sub­tle pitch

Yes­ter­day, I received a sim­i­lar men­ac­ing email that was a lit­tle more ele­gant and sub­tle in its pre­sen­ta­tion. It warned of an upcom­ing terms and con­di­tions pri­va­cy-relat­ed change at YouTube, and urged me to click to con­firm my per­son­al information.

The mes­sage read: “Over the past year, we have intro­duced new fea­tures and con­trols to help you make the most of your use of YouTube, and we lis­tened to the peo­ple who have asked us to pro­vide a bet­ter expla­na­tion of how we get the infor­ma­tion and use it.”

But again, the would-be hack­er here used uncon­vinc­ing lan­guage: “Because of the lat­est updates ask many of our cus­tomers to con­firm their infor­ma­tion, and this is not some­thing to wor­ry about.”

Still, a pri­va­cy pol­i­cy update could seem benign, and I could see a user click­ing on this one. Don’t be that user.

Google responds

About five hours after the Gooqle email arrived in my box, Google actu­al­ly for­ward­ed the mes­sage adding a warn­ing with a red band across the top that read, “Sim­i­lar mes­sages were used to steal people’s per­son­al infor­ma­tion. Unless you trust the sender, don’t click links or reply with per­son­al information.”

An excel­lent step, but about five hours too late for some peo­ple, I’m betting.

I don’t know how wide­spread this prob­lem is — I’ll try to find out. But I do know that tech­niques like this pop up, and per­sist, only because they work.

So today’s warn­ing: Be very, very skep­ti­cal of emails that seek to ver­i­fy your account, par­tic­u­lar­ly if you didn’t ini­ti­ate the dia­log. Even if you did — say, you request­ed a new pass­word from a site — always be care­ful of click­ing on a link in an email.

Always hov­er over the link first and see where it’s tak­ing you. And always glance up at that address bar and see where you’ve land­ed. That’s not a fool-proof tech­nique, but it’ll pro­tect you from a lot of sim­i­lar scams.



Posted in Cybersecurity, Data Security, Guest Essays