SPRINGFIELD, Mo. There’s a new email scam going around, and experts say it has the potential to fool even the most tech-savvy users.
The scammers are targeting Gmail users by sending an email that appears to be from a friend. When you open the email, you’ll see what appears to be a PDF attachment. When you click on it, you’ll be taken to a website that looks just like the login page for Google.
Marc Moyer owns Cybergurad, a security company in Springfield.
He explained, “You click on the image, and it sends you to a site, or what looks like Gmail. And it looks exactly like you’re logging into Gmail. Except it’s not. It’s actually taking your information, and giving it to the bad guys.”
Over at Altec, Computer Repair Technician Austin Merath said, “That’s the problem. It looks so legitimate, it looks like it is actually from Google. That they won’t even think twice about it, and they’ll give their information right away.”
Once they have your password, the scammers can learn a lot about you simply by going through your inbox.
“They can see what you’ve been purchasing, who you’ve been talking to, if you have any information saved in there, they can go and look through that,” Merath said.
Experts say you have to check the URL bar to know if the Google login page is a fake.
“There’s a couple of things,” said Moyer, “One it doesn’t have that secure symbol. So it’s not a properly secured website, where you’re putting passwords in. The second is, the actual line doesn’t look like Google.”
Are you worried you’ve already fallen for this? Moyer says there’s a website that allows you to check your email address. There’s a link in the sidebar.
Experts say you should also just change your password.
“I recommend people just write it down on a physical piece of paper that way it’s not stored on your computer,” said Merath.
Experts also recommend using 2-step verification. In Gmail, you open your settings, and click on ‘Other Google Account Settings’ near the top. It will open a separate tab, where you can click on ‘sign-in and security’ and scroll down to turn on the 2-step verification. That means when you log in, there’s a separate pass code that’s sent to your phone. That means if someone steals your password, they can’t log in to your account unless they have you phone with them.