Google has cautioned users of Gmail and YouTube about an impending phishing attack that could potentially serve as a threat to its users.
According to a public release issued by the Cyber Security Authority on May 8, the personal data of unwitting victims could be obtained from Gmail and Youtube through an attack vector used by these hackers for further malicious attacks.
“Google has issued an alert to users of Gmail and YouTube against an emerging phishing attack that poses a threat to users of these online services. Hackers use this attack vector to harvest the personal and/or sensitive data of unsuspecting individuals to perpetuate other malicious activities.”
The statement explained that hackers imitate Google’s brand to send fake emails to users titled “Online Reward Program”.
These hackers use these fake emails and pop-ups with messages requiring users to click links to redeem prizes. The links require users to provide their personal information which becomes vulnerable to hackers.
“Attackers are impersonating Google’s brand to send fake emails or pop-ups beginning with the subject line ‘Online Reward Program’. Users who open this email or pop-up are presented with a message ‘Congratulations! You are a lucky Google user!’ Every 10 millionth search is reached worldwide; we will proclaim a lucky user to send out a thank-you gift. You are the lucky user!’ The message then requires users to click on a specific link to redeem their prize by entering their personal information, which is then harvested”.
For YouTube, attackers send emails to users titled “YouTube policy change” and “The YouTube team sent you a video” which also contains a link where personal details are required to be entered and are accessed by the attackers.
“Attackers are impersonating YouTube channels to send fraudulent emails to unsuspecting users. The emails are sent from firstname.lastname@example.org using subject lines such as ‘YouTube policy change’ and ‘The YouTube team sent you a video.’ The email contains a link to the video or an attachment that leads to a fake login page where personal information is harvested or may contain malware.”
The Cyber Security Authority went on to advise the public to refrain from sending personal information to any link from unsolicited senders.
The authority also asked users to review reward programmes sent via media as Google does not offer prizes in the format mentioned above.
Messages that create trepidation must be observed with caution as advised by the authority.
“Google does NOT offer spontaneous prizes in the format described above. Do NOT reply with your personal information. Do NOT reply to or click on any link or attachment from an unsolicited sender. Verify any reward programmes via mainstream media outlets such as newspapers and websites before assuming they are true. Be cautious of messages that create a sense of urgency or fear, prompting you to take immediate action or risk losing access to your account or any other offer.”
The Cyber Security Authority has a 24-hour Cybersecurity/Cybercrime Incident Reporting Points of Contact for users to report cyber crimes and also to seek counsel regarding online activities .
The public is advised to call or text – 292, WhatsApp – 0501603111 or Email – email@example.com to report cyber crimes and receive assistance on online activities.
Read the full statement below for more information.