If you have not heard, Google has reported that several prominent Gmail accounts have been compromised. Some well known sites are reporting the accounts as “hacked”, but when you read further into their articles, they clarify that the method of obtaining access to the accounts was through a phishing scheme. The term “hacking” gives me images of cracked security protocols and compromised networks. If someone reports that a Google account has been hacked, it should mean that a hacker (or group of hackers) has broken through code and/or security measures to gain access to the accounts. It indicates that Google failed to protect its data from malicious attack. However, that is not the case here. No one cracked into Google’s systems. What they did was trick people into giving out their account information and then use that information to access the accounts. Usually you can avoid compromises like this by not giving your account information to anything other than the source site (i.e. Google.com), but it is not always that easy. Some phishing schemes involve mimicking the source sites so that the average user is not even aware of anything being askew. This is a growing problem nowadays. The good news here is that more and more companies are taking steps to combat phishing attempts by further securing the authentication process between the user and their account. Google has just enabled an optional two-step verification process for Google accounts and I recommend you look into it if you have a one. Here is the video that they released to explain two-step verification.
There are several other suggestions to make with regards to securing your account access and you can find lots of articles online providing suggestions. Here are some password suggestions:
And here are some general practices to follow with regards to system security, web browsing and email:
The more you know about how vulnerable you are out on the Internet, the better prepared you can be. Don’t let yourself fall victim to avoidable schemes and attacks.