I’ve received a couple of emails recently that made their way into my inbox (and away from my spam folder) that I think are troubling. They are well-drafted attacks designed to convince the recipient that their Gmail or YouTube account is about to be deleted unless he or she clicks right away. Of course, words like “warning” or “instant” should always give you pause — criminals always try to get you off your game by creating a false sense of urgency. But I could see someone falling for this technique, so I’m calling it out.
Sunday’s version of the scam threatens my email account with the subject line, “Instant Gmail termination, verify now.”
“Your account is scheduled for termination. Activate now to stay connect. Google team,” it says, The bad grammar is a tipoff, but there’s something you might not notice unless you look carefully at the “from” line. It says “Gooqle Setting,” with a “q” where a “g” should be. Clever, those criminals. That’s probably part of the reason it wasn’t stopped by Google spam filters. Of course, clicking on the link doesn’t bring you to a Google website. So delete this one immediately.
Yesterday, I received a similar menacing email that was a little more elegant and subtle in its presentation (see above). It warned of an upcoming terms and conditions privacy-related change at YouTube, and urged me to click to confirm my personal information.
“Over the past year, we have introduced new features and controls to help you make the most of your use of YouTube, and we listened to the people who have asked us to provide a better explanation of how we get the information and use it,” the note says. But again, the would-be hacker here used unconvincing language. “Because of the latest updates ask many of our customers to confirm their information, and this is not something to worry about,” it said.
Still, a privacy policy update could seem benign, and I could see a user clicking on this one. Don’t be that user.
About 5 hours after that email arrived in my box, Google added a warning to it with a red band across the top that read, ” Similar messages were used to steal people’s personal information. Unless you trust the sender, don’t click links or reply with personal information.” An excellent step, but about five hours to late for some people, I’m betting.
I don’t know how widespread this problem is — I’ll try to find out. But I do know that techniques like this pop up, and persist, only because they work. So today’s warning: Be very, very skeptical of emails that seek to verify your account, particularly if you didn’t initiate the dialog. Even if you did — say, you requested a new password from a site — always be careful of clicking on a link in an email. Always hover over the link first and see where it’s taking you. And always glance up at that address bar and see where you’ve landed. That’s not a fool-proof technique, but it’ll protect you from a lot of similar scams.
Sign up for Bob Sullivan’s free email newsletter.
Be the first to comment