If you receive suspicious email, here are some tips:
1. Do not click, even when the email is from your mother.
Even when you receive links from trusted contacts, be careful what you click. Spammers, cybercriminals and, increasingly, nation-state spies are resorting to basic email attacks, known as spear phishing, which bait victims into clicking on links that download malicious software, or lure them into turning over their user names and passwords.
A quarter of phishing attacks studied last year by Verizon were found to be nation-state spies trying to gain entry into their target’s inboxes, up from the 9 percent of attacks reported in 2016.
In this case, the malicious emails all appeared to come from a contact, but were actually from the address “email@example.com” with recipients BCCed.
2. Turn on multifactor authentication.
Google and most other email, social media and banking services offer customers the ability to turn on multifactor authentication. Use it. When you log in from an unrecognized computer, the service will prompt you to enter a one-time code texted to your phone. It is the most basic way to prevent hackers from breaking into your accounts with a stolen password.
3. Shut it down.
If you accidentally clicked on the Google phishing attack and gave spammers third-party access to your Google account, you can revoke their access by following these steps:
Revoke access to “Google Docs” (the app will have access to contacts and drive).
4. Change your passwords … again.
If you’ve been phished, change your passwords to something you have never used before. Ideally, your passwords should be long and should not be words that could be found in a dictionary. The first things hackers do when breaking into a site is use computer programs that will try every word in the dictionary. Your email account is a ripe target for hackers because your inbox is the key to resetting the passwords of, and potentially breaking into, dozens of other accounts.
Make your password long and distinctive. Security specialists advise creating anagrams based on song lyrics, movie quotations or sayings. For example, “The Godfather” movie quotation “Leave the gun. Take the cannoli,” becomes LtG,tTcannol1.
5. Report it.
Report any phishing attacks to Google by clicking the downward arrow at the top right of your inbox and selecting “Report Phishing.” Companies count on those reports to investigate such scams and stop them.