
You and Me, Going Phishing in the Dark: Google Phishing Takeaways

Product Manager

So, I’m sure you're all aware of the Google phishing scam. It, conveniently, presents a few key items that I would like to discuss.

What we know, as in what Google will tell us, is that the phishing expedition did not result in access to information. Rather, it merely gathered contacts and re-sent the phishing email for fake Google Docs. Clearly, we need to discuss the key identifiers that help you protect yourself from similar attacks. The phishing emails were sent from (supposedly) hhhhhhhhhhhhhhhh@mailinator.com. Now if that doesn't look fishy, I don’t know what does. Regardless, people obviously opened it.

Another critical element is that the link in the fake Google Docs email led to nothing more than a long chain of craziness, instead of a normal Google Docs location. However, like most phishing, it appears to be from someone you know. So how can we protect ourselves?

Google installed several fixes within an hour. This shows great business practices for security on their side. We have to know that there is no one-size-fits-all for security, period. New breaches are happening every second, and we don’t always know the location, intent, or result of these attacks. What we can do is be mindful that we are no longer free-range users, and we have a personal responsibility to be aware of attacks, both at home and at work.

So, I'd like to help you learn the basics of looking for and recognizing phishing emails. First, and always, begin with being suspicious. Here are some ideas to help strengthen your Spidey senses:

  • Report phishing emails to your IT team or personal email account providers. If they don’t know, they can't fix the issue. They may eventually find out, but think of this as your friendly Internet Watch program.
  • Avoid attacks. NEVER give personal information unless you know why you are being asked for it, and are 100% able to verify the email address. Make sure the email address actually matches the sender.
  • Hover over links and verify if they are going to the correct location.
  • Update your browser security settings. Google released a fix for this and pushed it out within hours.
  • Patch your devices -- including MOBILE! Android had an updated phishing release from Google within hours.
  • Stop thinking of patches for your phone as a feature request.

We can be our own cyber security eye in the sky! All an attacker needs to hack, breach, or attack us is motivation and time, so we must be diligent and not let down our guard. Being vigilant is critical, as is proactively protecting ourselves at home and work by following a few simple practices.

And another thing: Let's stop sending out our SSIDs at home like a bat signal. There are little things we can do everywhere. Go big and implement MAC address filtering, which will determine if anyone is trying to access your Wi-Fi. (Take it from someone who has four teenage daughters.)

~Dez~

19 Comments

Really enjoyed this article.  Good best practices to teach the kids as they start getting on the computer for school and homework.

MVP

There are products out there now that deliberately send your users suspect emails of all types. Then, if any of them fall for the tricks, the user will get sent to an educational page on what they should have done.

Very cool idea

Of course it's a completely different story if the admin or security guy falls for it . . . . . .

Product Manager

This is why I stated "as in what Google will tell us": "Bug behind Google Docs phishing phrenzy was discovered five years ago!" (The Register)

Simply put, flags can be dormant and hiding then come alive later...  This is also why I state there is not a 100% secure infrastructure.  However, if you've had a warning of a threat I'd jump on that and not shrug my shoulders.

~Dez~

Level 16

No amount of education can correct users at this scale. Some people are very good at what they do, but what they do isn't work on computers. We had a company-wide email go out this week, and there are always the 40 or so people that hit 'Reply All' and send their answer to everyone, then the 40 more that 'reply all' telling them not to reply to all....

MVP

Nice article

Level 13

I'm sorry, but isn't hhhhhhhhhhhhhhhhhhhhhhh@mailinator.com legitimate????

Level 13

Spot on!!!!! 

Level 20

This is also why I always buy Google Nexus phones (I have the 6P right now) and will be getting the new Google Pixel 2 when it comes out around October this year.  Google pushes security patches to their Nexus and Pixel devices every single month.  Also, Android updates go out for Nexus and Pixel before anything else.

With many phones from various telcos, they get a couple of updates or never get updates.  This flies in the face of security on your phone.


MVP

great write up Dez !

I can relate to the 4 teenage daughters thing...granted they are now mostly past that.

Always had my SSID not broadcast...

It is so silly how many people are fooled by some of the lamest phishing attempts....

Level 16

I won't mention the manufacturer, but one of my co-workers' phones just went dark for three days. He left it on a charger on his desk and borrowed his wife's spare one while contemplating what to get next.

After 3 days it suddenly woke up with a tone and said 'Updates Completed'. It was the first update it had received in a very long time and must have been a big one.

Needless to say he has a new phone now.

Level 14

Nice write up Dez...

People are trusting beings... and they think that everyone is just like them.... This is what the bad guys depend on.....

P.T.Barnum was a genius!

(4 teenage daughters... yikes.... I had two and that was enough!)

Level 20

Yes this is real problem with phones... they just aren't being updated correctly on any reasonable schedule by telcos!

To add to your list of basics... help educate your non-technical friends. The line between personal and business emails is very thin and easy to traverse. Educated people form a "community immunity" which will contain any outbreaks.

Level 9

Office365 SafeLinks protections had this nullified before our first user received it.

Level 14

Great point...

MVP

Good information, but along with today's mission question it gets kind of scary.

Level 14

User training, user training and more user training

Agree on the user training, we've been doing some test phishing of ourselves. Although inaction through FUD is a big risk.

About the Author
I started in networking and security around 2002 by taking Cisco Certified Network Associate and Security+ courses from Central Vo-tech. This is where I fell in love with technology in general. From there I ventured out to internships and started using the Engineers Toolset from SolarWinds, which made me wonder about software. The company I was with purchased Cirrus, which is now Network Configuration Manager (NCM), and I was officially hooked. I searched out SolarWinds and, well, you guessed it, I started working for them and, believe it or not, in sales. That was the only position open, but I knew I wanted to be here. So I quickly worked my way into the support side and became the first Sales Engineer and then the first Applications Engineer. Since I am a very curious person, I have, in my 9 years of being at SolarWinds, decided to pursue more education. Security is always a fascination to me, so I started taking classes on INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM) of the NSA. Then I went and took the CIW Masters for web development and ventured to databases: MCITP SQL Server and Development certifications that led me to a database development degree in college. I’m pretty much a jack of all trades and LOVE IT! This all applied to my work with SolarWinds, as I wanted to be able to help customers solve their issues or needs. So knowing more information allowed me to do this successfully. I also dabbled in Cisco UCS management and am currently taking classes to venture toward a CCIE (crossing fingers). NCM is a product that I have worked with since its beginning. I even had the opportunity to fly to the NSA to create templates for some of their devices. I used to be the sole MIB database controller, so I’m definitely your huckleberry on MIBs and OIDs.
As an Applications Engineer I focused on Network Performance Monitor, Network Configuration Manager, Web Performance Monitor, Enterprise Operations Console, Patch Manager, User Device Tracker, and the Engineers Toolset. See why I like to constantly learn new things? I had a lot to be on top of! SolarWinds is a passion of mine still to this very day. My new role as a Product Manager for NCM is home to me. Funny how I circled around back to my favorite product that got me here in the first place. :) My goal is to educate and work with customers to leverage our products to their fullest degree!