Phishing sites are becoming more aggressive in creating authentic-looking login pages to mislead people into giving up their passwords and other sensitive information. The image below is designed to look like a reasonably standard login page; however it is one of the many examples of an effective phishing page.
By logging in to a phishing page with your Gmail address, you are effectively giving attackers access to your entire Google account without being aware of it already happening. This kind of phishing site has succeeded 45% of the time because:
• People are still unaware of the risks of clicking on links within emails
• The ability to tell a legitimate email from a scamming one is getting more difficult
• More often than not, there is no first line of defense that guards specifically against phishing
Google has recognized the need to increase the security of their users accounts which is why they’re recently launched Password Alert. It is a free, open-source Chrome extension that serves as an extra layer of protection for your Google and Google Apps for Work Accounts. Password Alert can be downloaded from the Chrome Web Store. After installation, it will show you a warning (see image below) should you type your Google password into a site that is not a recognized and legitimate Google sign-in page.
This warning serves a dual purpose – it protects Google account holders from phishing attacks and additionally, it promotes the use of different passwords for different sites which is one of the many security best practices that helps prevent phishing and hacking from happening.
How Password Alert Works
The minute you install Password Alert, you will be asked to sign in to your Google Account. Chrome will then remember the “scrambled” version of your password. It is important to note that Chrome only remembers this sensitive information for security reasons and does not share it with anyone. In any event that you type your Google login credentials into a website that is not a legitimate Google sign-in page, a notice like the one pictured above will appear which informs you that your account is at risk of being phished. Should you get this notice, protect yourself by immediately updating your password to prevent any phishing or hacking of your account.
What this means in the Workplace
Recently, there have been an increased number of instances wherein workplace productivity and resources are put in risk because of phishing emails and other malicious software. Installing Password Alert along with whatever security measures your workplace has in place increases the chances of preventing and catching phishing and malware attacks.