In a blog post, researchers from US software company Wordfence warn: “The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender. You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. […]Once you complete sign-in, your account has been compromised.”
Corey Williams, Senior Director, Products and Marketing at Centrify, said this Gmail phishing scam highlighted the risk of over-reliance on passwords for protection. “Once again, we’re reminded of the danger of relying on any password as the only means of securing access to systems, apps or data,” he said.
“While it’s always prudent to check the URL of a link before clicking on it to verify it is spelled correctly and is a valid site, a more reliable defence against attackers is to enable two-factor authentication, which Gmail has offered since 2011.
“Two-factor authentication is the cyber safety-belt that will thwart the vast majority of hacks targeting users and their bad habits, such as clicking on suspect links or using the same password across multiple applications.
“The sooner we all wake up to that fact, the sooner these hack headlines will subside. At some point, app providers such as Google should mandate the use of two-factor authentication whenever it is technically possible.”
About Centrify
Centrify is the leader in securing enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises. The Centrify Identity Platform protects against the leading point of attack used in data breaches ― compromised credentials — by securing an enterprise’s internal and external users as well as its privileged accounts. Centrify delivers stronger security, continuous compliance and enhanced user productivity through single sign-on, multi-factor authentication, mobile and Mac management, privileged access security and session monitoring. Centrify is trusted by over 5000 customers, including more than half of the Fortune 50 in the US.
