The e-mail saying that your Gmail account may have been compromised conveniently contains a link or button for you to click on to remedy the problem. Slow down and think. According to an Ars Technica story, this is exactly how the breaches of the Democratic National Committee and the personal e-mail breaches of former Secretary of State Colin Powell and Clinton Campaign Chairman John Podesta took place.
The spear-phishing attack used custom-coded Bit.ly shortened URLs containing the e-mail addresses of their victims. The URLs appeared in e-mails disguised to look like warnings from Google about the victims' accounts. Crafty, and as the story notes, it is pretty well confirmed that these bogus warnings came from Russian intelligence or one of their hacking minions.
So, to tell a story on myself, I got a Google e-mail warning that a previously unknown device was accessing my Google account via Internet Explorer, which I do not use. There was a link to view recent activity on my account.
So what do you do? In my case (and it pains me to admit this), I had never gotten around to enabling two-factor authentication on my Gmail account. I am hanging my head in shame. "The cobbler's children have no shoes," right?
Now, we use Mimecast to detect malware and Mimecast did not see a problem with the link, so it may have been real. But the cautious approach is to log directly into your Gmail account, change your password and enable two-factor authentication (in My Account, Sign-in and Security).
Enabling two-factor authentication had been a task that I just kept pushing to another day in Outlook. With as many of these targeted phishing e-mails as we've seen recently, the time for delay is at an end. Wherever you have private information, ensure your privacy by enabling two-factor authentication if it is available.
The worst part of the experience was the ribbing I took from John, who will no doubt continue the ribbing publicly in our CLEs. And to think I brought this on myself . . .