Thursday, October 29, 2015

Phishing - Avoiding malicious emails and links

Phishing attacks trick users into sharing personal information online and are typically done through email, ads, or compromised sites that look similar to sites that you may already use. What we see in our customer base are Google Apps and Gmail accounts that get hijacked and then used to send emails to further compromise more accounts. This normally happens when an end user enters their email address and password into a malicious website from an email link supposedly from a coworker or trusted source. Often this is a faked page that uses legitimate logos and text but normally with errors that may raise red flags for you. Phishing emails are also personalized sometimes which makes it more difficult for the recipient of the email to assess credibility.

An example of a malicious website from an email link. It may look legitimate, but the URL shows it's a hacked website.

There are a number of ways users can protect themselves and their organization from being victim to phishing attacks. The best way is to turn on two-step verification. Enabling two-step verification will require the user to authenticate beyond a username and password. It's an extra step, but ensures that the account is extremely difficult to compromise because even if an attacker has your username and password, they are unable to access your account without a unique, time-sensitive code. Here is how you can enable two-step verification for your Google Account.

Phishing is often successful when a user becomes complacent and too busy or rushed to bother checking the source of an email or site. Being aware and diligent, especially towards unexpected emails or attachments, can help you recognize when you are being targeted for phishing. Always confirm that the URL corresponds to the site you're expecting to see and before you enter your credentials, be sure to check for a trusted domain like google.com or facebook.com and that it's not something like google.xyzname.com or facebook.xyzname.com. If you are the slightest bit unsure, don't enter your login information and contact the person who sent you the email.

Another way to ensure the legitimacy of a site is to check whether the URL begins with https:// (s for secure) and has a lock symbol next to it. The lock means that the site is encrypted, which doesn't necessarily mean it's not hacked, but is a dead giveaway if it is missing.

Many account hijackers will email your contacts attempting to also gain access to their accounts, and then delete all your contacts. To add to the maliciousness, email filters may be used so that you don't see emails from people telling you your account has been compromised.


This phishing website attempts to trick users into giving away their login credentials and propagates by email. User's tend to login without actually looking at the URL first. We've reported the link and Chrome has already blocked it.

Tip: Always check the URL in your address bar, because if it's not from a legitimate root domain like google.com, it could be malicious.

If you do come across a malicious site or link, do not forget to report it. You can follow common advice by "reporting to an appropriate party" but  they typically do nothing. Take action and save your coworkers, family and friends from the bad guys by immediately submitting malicious links to Google. Often within as little as an hour of filing the report, the site will get blocked from Google search and Google Chrome. Firefox is relatively fast also, but Internet Explorer can take weeks to start blocking it.

Lastly, virus scanners rarely catch much in our experience but are still a necessary protection for the occasional time they do prevent problems. We recommend Symantec Endpoint Protection because it provides a cloud based console for monitoring your protection status across the company.


Unfortunately phishing sites still increasingly trick many users into surrendering their personal information and credentials. Hopefully this post has shed light on how you can help yourself and others avoid becoming victims of phishing. For all your technical assistance and needs with Google Apps, make sure to contact our InterlockIT team!