Understanding Phishing, Part 1: The Hacking Technique Behind Most High Profile Leaks
Since election day, a number of high-profile journalists, think-tank employees, and professors have received a disturbing Google notification: foreign state-sponsored hackers may be trying to infiltrate their Gmail accounts.
Nobel Prize-winning economist and New York Times columnist Paul Krugman, former U.S. diplomat and current Stanford University professor Michael McFaul, and GQ correspondent Keith Olbermann are just some of the individuals whose Google Drive and Gmail data have been reportedly compromised.
Phishing, the technical name for these malicious hacks, has been the cause of some of the most highly publicized and significant leaks in recent history. The short list includes John Podesta’s leaked emails, the Democratic National Convention hack, and the 2014 leak of over 100 celebrity nude photos as a result of an iCloud API breach.
When phishing, hackers send an email to their target that convinces them to enter an account password or other personal or sensitive information. Using email addresses like “firstname.lastname@example.org,” these hackers have been posing as Google, and have used the disclosed information to login to the user’s account, compromising G Suite cybersecurity. While many phishing cases are intended to access bank accounts, these hackers are now targeting journalists, higher education institutions, think tanks and hospitals, as well as other places that harbor sensitive information not available for release. In many cases, account holders will fall for these tricks, and disclose their passwords or other information.
Google has caught on, however, and is trying to prevent further hacks by issuing statements to individuals whom the company believes to be at risk.
In the warning, Google said that government-based attackers use phishing tactics to access data and spy on “no less than 0.1% of all Gmail users.”
To combat this, Google recommends enabling two-factor authentication and setting up a security key, which requires users to use multiple forms of authentication before an account can be accessed.
One of the best ways to do this is by enabling a Google recovery account through a company like Spinbackup. With over one billion Gmail users, it’s hard for the tech giant to backup Google Drive and Gmail on its own. With a third party Google recovery account management system, you’ll be able to use G Suite freely without worry.