Safe and Secure

October 6, 2009 3:15 PM PDT

Avoid being a victim of an e-mail phishing scam

by Larry Magid
  • 19 comments

A recent phishing scam resulting in usernames and passwords of Microsoft's Hotmail, Google's Gmail, and possibly accounts of AOL and Yahoo users being posted online is cause for concern for anyone who uses any of those services. Rather than panic, though, there are simple ways to avoid becoming a victim or being further victimized, if your account has already been compromised.

Microsoft and Google said the compromised information likely came as a result of a phishing scam, through which millions of people are sent e-mail (often warnings about a fake security breach), asking them to click on a link to take them to a Web site so that they can enter their correct information.

When phishing attacks first became prevalent, the fake sites were often crude imitations of the real things, but these days, they can look exactly like the legitimate site, typically of a bank, a payment service such as eBay's PayPal, or another financial company. When the user logs in with a username and password, or provides credit card numbers and other confidential data, that information is captured by the e-mail senders, who can use it to impersonate the victims.

In addition to someone being able to read your messages, a risk of having your e-mail account compromised is that many sites will send a lost password to an e-mail address, so if criminals can access your e-mail, they might be able to use it to get passwords from other sites, including financial accounts.

Podcast: Symantec's Marian Merritt on how to avoid being a victim.

BBC News is reporting that it has seen lists containing more than 30,000 names and passwords, some of which "appear to be old, unused or fake," but "many--including Gmail and Hotmail addresses--are genuine." To put this into context, Gmail and Hotmail sites had more than 84 million unique visitors in July. Yahoo Mail had more than 156 million unique visitors, according to ComScore.

Here's some advice that can help you avoid becoming a phishing victim.

Change passwords regularly
Even if this particular breach hadn't occurred, many experts recommend that you change your password about every three months. This is as good a time as any to do just that. It's also a good idea to avoid using the same password on multiple sites, but if you're one of the many people who have done that, be sure to change your password elsewhere. Gmail asks users to provide them with an alternate e-mail address, so be sure to change the password for that account as well.

As I pointed out in this post about password security, consider using a password manager like LastPass (free) or RoboForm that can generate and manage strong passwords.

Click cautiously
If you get an e-mail that appears to be from a legitimate site with a request that you click on a link to visit the site for any reason, including updating your security information, think before you click. It might be taking you to a rogue site that captures that information for possible identity theft or other crime. It's safer to just type in the URL yourself. Be extremely wary of any requests to provide Social Security numbers or credit card information, unless you're absolutely sure that you're dealing with a legitimate site. When visiting a site, make sure that the URL is that of the organization.

Look for secure sites
If you're asked to provide sensitive information such as a credit card number, be sure that the URL begins with "https" (the "s" stands for "security") and that there is a padlock icon, typically in the lower-right corner of the browser.

Use a phishing filter and good antimalware software
The most recent versions of most browsers, including Microsoft's Internet Explorer and Mozilla's Firefox, help filter phishing sites, as do security suites from McAfee, Symantec, TrendMicro, and other companies. Security software also helps protect you against malicious software that can log your keystrokes, or otherwise jeopardize your privacy and security. Make sure that your security software and your operating system are up-to-date.

Think critically
If something seems too good to be true, it's almost invariably too good to be true. Think about what you're about to do on any site you visit, especially if it's a site you don't already trust. Never use the same password on an unknown site that you use for e-mail, banking, or other sites where security is essential.

The U.S. Department of Homeland Security's National Cyber Alert System has additional tips to help you avoid phishing and other social engineering attacks, and ConnectSafely.org has tips to create and manage strong passwords.

April 5, 2009 3:21 PM PDT

What I hate and love about Gmail

by Larry Magid
  • 48 comments

I've had a love-hate relationship with Gmail ever since it was introduced in 2004. Among the things I love about Google's free e-mail service are the vast storage, terrific spam filters, fast search, and the ability to automatically forward mail to another address or access it from any e-mail program. What I hate is that the only way to look at your mail at Gmail.com is through a threaded or conversational interface.

Most e-mail programs and Web-based e-mail services present mail in reverse chronological order so that the most recent message is always on top, on a line all by itself. Gmail sort of organizes mail chronologically, but it does so in "conversations" so that messages, responses and responses to responses all wind up within the same message, which may or may not show up on top, even if it's the most recent message to arrive.

In an interview, Gmail product manager Todd Jackson told me that users prefer that interface and, while I've never done a scientific survey, I'm quite sure that some people do prefer that interface to the more traditional one that's used by Outlook, Yahoo Mail and most other mail services. But I know I'm far from the only Gmail user who at least wants the option to look at mail purely chronologically.

It seems to me that it wouldn't be all that hard for Google to give people a choice of how they want to see their mail. Google Labs has come up with all sorts of other options for Gmail that range from the very useful to the downright silly, and it strikes me that an option of letting people see their most recent message on top would be pretty popular.

Jackson acknowledged that others have made such a request but says that "it's not in the top five" on their list of popular requests.

Workarounds

There are a couple of roundabout ways to get your Gmail in pure chronological order. One is to click on Settings followed by "Forwarding and POP/IMAP" to configure Gmail so that it can be accessed via Outlook, Thunderbird, Eudora, Outlook Express, or any other e-mail program. Another--and I know this sounds weird--is to also set up a free Yahoo account and forward your Gmail to Yahoo Mail. That way you get Gmail's amazing archiving feature and superior spam filters with the option to view your mail chronologically in Yahoo Mail.

Back to the love side of the equation, Gmail does have some tools that make it easier to find important mail, including labels and filters that allow you to highlight mail from certain people or domains. To avoid missing messages that could impact my career, any Gmail I get from colleagues at CBS News and CNET, for example, is highlighted with a red VIP label. I've set things up so that mail from my bank, credit card companies and investment firm gets a green label with the word "Financial."

Gmail labels let you highlight important mail

For instructions on how to use labels and filters see Google's excellent video tutorial and for more about the past and future evolution of Gmail check out Stephen Shankland's recent interview with Todd Jackson.


About Safe and Secure

As founder of SafeKids.com and co-director of ConnectSafely.org, Larry Magid has a special interest in Internet safety, including debunking myths like a predator behind every screen and messages like "be afraid, very afraid."
