Those of us in the U.S. have been hearing a lot about “hacked” emails lately.
But in fact it appears the now-infamous John Podesta email hack wasn’t a “hack” at all.
It was a phishing attack. And Podesta and his staff fell for it.
What Is a Phishing Attack?
Phishing is “the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”
In Podesta’s case, attackers sent him an email that appeared to come from Google. It warned that someone in the Ukraine had obtained his personal Gmail password. It then included a link to a website with instructions to “change your password immediately.”
Podesta, to his credit, forwarded the email to an IT staffer. The staffer mistakenly identified the email as legitimate and wrote back to direct Podesta to change his password.
Presumably, Podesta then clicked the link and entered his login information, which handed over the keys to his email account to his phishing attackers.
The rest, as we know, is history.
Protecting Yourself from Phishing Attacks
Whatever your political leanings, you do not want to be in Podesta’s situation.
That’s why you need to be on the lookout for common methods used in modern phishing attacks.
Phishing attacks are always trying to deceive you into giving up personal information.
Here’s what you might see:
1. A Google Phishing Attack
Phishing attacks related to Google services are common.
In the image below, you’ll see an phishing email attempting to steal a person’s Google login and password information.
This is a common phishing attack. If you click the button, the hackers will ask you to enter your username and password into a bogus login site. If you do, they’ll have full access to all your Google services, as what happened to Podesta:
2. A LinkedIn Phishing Attack
Below is another example, this one is attempting to steal a LinkedIn login and password information:
5 Signs That You’re Looking at a Phishing Attempt
Here are a few signs that can alert you to a phishing attack:
- Bogus “From” Email Address – Look closely at the from email address of the Google phishing email: “firstname.lastname@example.org.” That’s obviously not a valid email for Google.
- Urgent Action Required – Many phishing emails urge you to take action right away. The Podesta attack, for example, claimed that someone had already stolen Podesta’s account information.
- Link to a Fake Website – Take a look at the link in any email you receive by email. Hover over links and buttons if you can. You can often spot bizarre phishing links this way.
- Any Mention of Your Password – Most services will not ask you to log in with your password by clicking link in your email. If someone asks for your login information and password, be wary.
- Any Unsolicited Offer of Payment – If someone you don’t know promises you payment via email, that’s almost certainly a phishing attack of some kind. The old adage is true: if it sounds too good to be true, it usually is.
What To Do If You’ve Been Hacked
If hackers gain access to any of your accounts, they can do more than just download them (as they did with Podesta).
They could also move, change, or delete any of the information you have stored in the cloud, just like you would normally be able to.
This is another reason why a failover solution is so critical for any businesses using cloud storage solutions.
Failover creates a permanent backup of all your files and communications in a completely separate platform, one that will be inaccessible to your phishing attackers.
For example, if your phishing attackers obtained access to your Google account, all your information would be safely stored on another platform like Microsoft Office 365 Mail or Dropbox if you enabled a failover plan.
Failover is simple to use, affordable, and can be set up in just a few minutes.
You can find more information about failover here, and you can set up a solution for your files right now at our getting started page.