Google Drive spoof email.
Have you ever received a shared document from Google Drive? If so, be careful! Not too long ago, one of our team members received an innocent looking email from Google Drive. This email seemed to have originated from someone who she was expecting to send her a document. She opened the email, was asked for her password, and then ENTERED her Google password! She couldn’t open the file, but just a few minutes later she received a text from Google with a passcode. It turned out that a spoofer sent a spoof email resembling Google Drive, stole her Google password and was trying to get into her account! Thank goodness she had enabled Two-Factor Authentication, otherwise someone would have been able to access her Google account with a lot of sensitive information!!
Two-Factor Authentication saved the day!
Two-Factor Authentication, also called two-step verification in Google’s vocabulary, is a great way to reduce the risk of unauthorized access to your account. The concept of two-factor authentication is not new, yet many people are still not using it.
So what’s the big deal? What harm can be done when a hacker steals your password? How about financial loss, identity theft, or social embarrassment? Furthermore, how about leaking of sensitive information, such as private records and client data. Also if you reuse that password on multiple websites, that hacker could potentially log into all your other sites that share the same password. These are enough reasons to make sure that you keep your passwords safe.
Here are a few tips to safeguard your login and password:
- Always verify any URL included in any email, particularly if it asks you to log in.
- When possible, avoid entering any passwords on sites that originate from an email.
- Use a different password for every website, system, and login.
- Use a strongly encrypted password management tool to help you remember all your passwords.
- Enable 2 factor authentication (2-step verification), wherever it is available.
Security doesn’t stop with you. Make sure that your company has resources to provide employees training and security awareness.