A million Gmail account holders agree: when you use a free account, someone else is eventually going to be using it too. Recently, over 1,000,000 Gmail accounts & contact lists were hacked through a unique phishing scam in which users were tricked into opening a shared drive document from what appeared to be a trusted source.
Once the document in question was opened, the hacker was able to access both documents and the contacts of their victims, from there sending out emails to everyone on their list. This quickly snowballed from a few users to over a million.
Countless users’ personal information was compromised—the total damage is still to be determined. However, there is a lesson to be learned from all this: free is not always better. The best way to manage your contact information is by using a secure (and most likely, paid) service. For any business, one superior solution is going to be Microsoft Exchange or Office 365.
Is there a better solution?
Currently, Microsoft employs a number of measures to ensure every email and attachment sent between users has the highest level of security possible. Over the last few years, Microsoft has had nearly a 500 percent improvement in its ability to detect counterfeit emails and addresses. Using a combination of data, powerful authentication checks, and reputation filters for Office 365, Microsoft has greatly reduced the success of phishing and other malicious attacks. Their new attachment scanner, called Dynamic Delivery of Safe Attachments, captures suspicious-looking attachments and keeps them in a quarantined area while it scans for malware and other harmful executables, ensuring that users’ data is kept safe.
What about private users?
If you’re an individual and are unwilling to pay for an email service (and really, why should you?), there are a number of steps you can take to ensure that you don’t fall victim to an attack such as this.
- Only open attachments after taking the following measures:
- If the subject or body of an email looks odd—STOP and reread the email.
- Is this message clearly from a previous conversation, or crafted to look like one?
- Be careful: even if you recognize the sender, it may be an impostor.
- Check and double check any links or attachments for the slightest hint of weirdness or confusion.
- Help all of your colleagues and friends by writing messages with a clear, descriptive subject.
- Be VERY critical of any hyperlink.
- Be very critical of images that may also be hyperlinked.
- If you feel like you have been hacked, you might have been. Ask someone for help.
- Should you be prompted to log in at any point—be concerned—this is a huge red flag. Stop, and throw your computer out the window.