If you have a Gmail address, your inbox is vulnerable to a range of Gmail scams aimed at getting you to click. A number of these scams look very legit; however, they're everything but. A full-scale assault begins the moment you make the wrong click.
Scammers see this as a full-time job and they're dedicated to coming up with new ways to defraud people.
One of the latest and most effective Gmail scams happens when someone hacks your Gmail account and retrieves your contacts' information. This happens most often when a user has an easy, predictable password.
Once they have retrieved your contacts, they email your contacts using an email that looks similar yours. They include an attachment that looks like one you may send, but it sends them to a false Google login page instead.
This seems legit because it's from your Gmail address. It's crafted the way you would craft an email, and it contains an attachment that looks perfectly safe. Once the user enters their Google credentials, the scammers have full access to their account, and everything in it and the cycle of email hijacking continues. This scams fools even the most savvy user.
This particular scam is being called "the most well-executed scam in recent history" so always remember that anyone can fall victim.
What can you use to protect yourself?
People don't take a close look at the URL they are being sent to. They see a familiar page and feel safe. Instead, enter the URL you know you should be directed manually. For instance, if you are supposed to log into Google, type the Google URL in yourself. As a side note, whether you are clicking a link in an email or on a website, always analyze the URL. It should be the domain you recognize.
Think things through. Is there a legit reason for you to be receiving a particular email from this contact at this point in time? Have you even communicated with them recently? Why are you being asked to log into Google when you're already in Gmail, which means you're already logged in?
Don't make the mistake of thinking that your web browser will warn you of threats. Analyze everything on your own to decrease your chances of becoming a victim.
What should you do if you have even the slightest suspicion that an email is not safe?
If in doubt, DON'T CLICK. It's better safe than sorry when it comes to your personal information and the security of your accounts.
Notify your contact by separate email if you receive suspicious emails from them to find out if they are legit. If the email isn't legit, the owner now knows they've been hacked and can change their information to prevent further damage.
Change your password immediately and advise your contact do the same if they indicate they did not send the email.
Remember, scammers are always perfecting their craft, never let your guard down. Ever.