Windows 10: New, very good, Gmail phising atack in the wild

Another phishing attack is in the wild. This time, technique and used false login pages are very good, so be careful.

Phishing mail is coming from known contact and always with attachment. Clicking on that attachment will get you to false Gmail login page. There will be text added before accounts.google.... link in address bar.

Password manager would reveal phishing attempt, as it would recognize page as false and also two step authentication could save you, but not if you're not careful.

Read more on Helpnetsecurity (and other tech news links)

:)

 

no add ons for edge browser ....

sorry if my English is not very good but i speak french usually

i saw that Microsoft edge don t use add ons technology

but how fishing addons can be installed so... its the computer of my mother and i see ads by ************phising site every where as i can t manages add ons ( does'nt exst ) i can t remove or desactivate it

how to proceed?

tks

 

BS virus Via internet

It is phising.

Delete your internet cache.

If that still happens then personmylab.com may have a hacked advert on their site.

 

All the articles on internet write about it, but with the most important piece of information missing.
Not a single screenshot, what to look for, just guesses. That is sooo helpful to prevent it. *Rolleyes

 

Mail will always looks different (and legitimate). That's what makes it so dangerous (IMHO)

Only picture that is really important is login screen with that text in address bar...

 

This is why two-factor authentication is so important for Gmail, and indeed all other, mail providers.

 

That is, what I am talking about. They say, it shows as encrypted within green bar, well I will just have to imagine it.

As long as it is not mandatory, I will never use two-factor authentication, I do not want to loose access to my emails.

 

Picture is in the first post..




I'm using two factor auth. Not very happy about it, but risk is too high lately.

 

iam not the kind that can spot whiat is fake and what is legit..i should pay more attention. ive never been a victim before

should i also do the 2 step verification?

 

When typing passwords, green sign for lock should be in the beginning of the address bar. Most of the users don't pay attention.




Password managers like lastpass or keepass are good solutions for situations like this. 2 step verification is also good solution, but is not 100 % - a bit more advanced attack can intercept code from 2nd step.

 

Everybody should use two-factor authentication if it's available, and care about your security.

 

I wont say your comment is utterly stupid as I said in my reply to you last time only couple of weeks ago when I saw you post this same comment in another thread. Reason I wont say it now is because then your post and my reply got binned by mods. Trying now to find other words to say the same staying within forum rules:

I hope our members possibly seeing your comment understand how utterly nonsense it is. Two step authentication when set up correctly does never mean you lose access to your emails and / or account.

Two-Step Authentication by Google:

You can set up an authenticator app on a smart phone and print / write to a note 10 single use security codes, in addition to adding as many mobile and fixed net phone numbers as you wish as two-step authentication devices:




Windows Phone users, you can't use Google's own authenticator app but there's a really good alternative in Windows Store called AuthenticatorG. I use it for Google and YouTube authentication, it works flawlessly.

Two-Step Authentication by Microsoft:

In addition to authenticator app, add as many email addresses, mobile and fixed net phone numbers as you want to:




Both Google and Microsoft and as far as I know most other services allow you to select a device as trusted one, meaning the code will not be asked on that device until you "un-trust" it, in which case the code would be asked again next time and you could again choose to trust the device or not.

Using myself as an example, as I have the authenticator apps for both Google and Microsoft on smartphone, me loosing access to Google would mean that I've lost access to my trusted devices (an Android tablet and a laptop), home phone, mobile phone and at the same time lost the note I keep in my wallet with those 10 single use security codes. I would call this scenario impossible.

The same with Microsoft account. Microsoft allows even additional email address to be set up as a mean to receive security codes. Again impossible scenario, me losing access to phones, authenticator app, trusted laptops and all additional security emails at the same time.

I hope my choice of words this time helps to keep your bad advice and my reply here, that they would not be binned because I think it is important that our members and visitors alike get correct information.

One personal recommendation to you, polite and in all friendliness: It is never a good idea to post anything that could be taken as advice on subjects you know nothing about.

 

Great explanation of authentification, and it's importance @Kari *Thumbs

 

Thanks Golden. I thought this is important.

Because I use two-step authentication with for instance Google, no password leak as with these massive leaks with Yahoo we have heard recently would pose any risk for someone else accessing my accounts; no one except me myself comes in to my Google accounts even if I publicly posted my password here.

 

Indeed - I use 2FA for my Apple, Google and Microsoft accounts.