Google: The Recent Gmail Issue Not a Vulnerability, just Phishing
Article by George Norman
On 26 Nov 2008
The Gmail world kicked off this week with news of a vulnerability in the mail client which could allow an attacker, if he got his hands on your Gmail cookie, to set up certain filters (without your knowledge of course) which would automatically forward your incoming mail back to him. While the whole world speculated this to be a Gmail security vulnerability, Google has come out to say that it is not; this is nothing more than an elaborate phishing attack.

“Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as "google-hosts.com" that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we've seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired. In this case, the attacker set up mail filters specifically designed to forward messages from web domain providers,” say Chris Evans from Gmail.

Advertising

Once the issue came to light, the Google security team wasted no time in addressing it, since this is what Google does – fixes problems quickly. The thing is that as long as you follow a simple set of rules, you will stay safe online, which is crucial, especially if you consider that window of opportunity between the time a flaw, vulnerability or security issue is discovered and the time it is fixed.

After you have finished reading your mail, chatting, or composing outgoing mail, it is not enough to simply close the browser application. What you should do is log out. Do this every time you are not using your Gmail account.

This next one is a no-brainer, but you would not believe how many people are tricked by it: do not visit shady, unscrupulous sites. Go only for trustworthy sites that are not spreading malware or trying to steal your confidential info. Enable the “https-only” feature.

If you are using Firefox 3.0.4, make sure that the adequate security options are active: “Tell me if the site I’m visiting is a suspected attack site”, “Tell me if the site I’m visiting is a suspected forgery”. It might also prove wise to install a security add-on, something like NoScript.



Tags: Google, Gmail
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 30 Mar 2017
The Galaxy S8 is better than the Galaxy S7 in a lot of ways. It has a larger and bezel-less display, it has a better front-facing camera, it features the industry’s first 10nm chip, it offers more storage space, and much more.
By George Norman on 29 Mar 2017
What should you do when you have 5, 10, 15, or 30 minutes for a break? If you're drawing a blank and can't think of anything, come check out these 16 useful ideas.
Related News
By George Norman on 08 Nov 2016
This is the first major update the official Gmail for iOS app got in 4 years. It comes with a fresh, sleek new look and a trio of highly-requested features that you’re sure to love.
By George Norman on 14 Nov 2016
Out of the many apps, products, and services that Google has to offer, the following 7 have managed to rack up more than a billion users. A billion is a big number and a big deal. After all, it’s almost...
By George Norman on 24 Nov 2016
Pictured above is the doodle that Google decided to feature on its homepage in honor of Thanksgiving 2016. It is the latest in a long line of Thanksgiving doodles that have been showcased on Google.com over the years.
By George Norman on 01 Nov 2016
They’re kind of weird but cool nonetheless. And starting early November, they won’t be available just in Korea, because Samsung is making these mobile accessories available worldwide.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Google: The Recent Gmail Issue Not a Vulnerability, just Phishing
HTML Linking Code