Google's Confusing Gmail Security Alert Looks Exactly Like a Phishing Attempt
Security researchers say the legitimate email is training people to have bad email hygiene.

by Lorenzo Franceschi-Bicchierai, 16.1.18

Image: sabbracadabra/Shutterstock

Last week, my partner got a strange email alert from Google—or at least it looked like it came from Google. Alarmed and confused, she immediately forwarded it to me. "What the what?" she wrote in the email.

My partner is not a security geek like I am, and yet I had the same reaction when I saw it. Both when she forwarded it to me last week, and when I got an identical alert today.

Inspecting it more closely, I was pretty confident this was a legit Google alert. The email address of the sender is no-reply@accounts.google.com, and Gmail itself tells me it's mailed by gaia.bounces.google.com and signed by accounts.google.com. As a security reporter, these are both signs that tell me the email is legitimate. But regular users might not know where to look for these or how to interpret them.

Still, we were not the only ones baffled and a bit worried by it. Several people on Twitter told me they felt the same when they got it: some thought it was "suspect," or straight up a "phishing email."

Richard De Vere, a security consultant who specializes in social engineering, said that even though the Google email we got is not a phishing attempt, it is so good at luring people to click on a link that he plans to add it to his brochure of good phishing attacks to use in his ethical hacking engagements.

"It has urgency, guides to a login page, quite vague, but alarming…we used to take legitimate Google emails and adapt, but this is just perfect as is. […] It's that good," he tweeted. "Unforgivable for Google to send this out en masse."

In this case, according to Google, the alerts are designed to get users to go through the very useful, and user-friendly, security checkup, which helps users set up two-factor authentication, check if any old apps have access to their account, and review unusual security events such as sign-ins from new devices. The company told me that this alert is the result of months of experiments, and this version of the alert had the best engagement (meaning people actually opened and clicked it). There are no specifics in it because the company wanted to avoid giving hackers hints about what was wrong with the account, and the company concluded that the extra click required to get to the checkup was a security feature in this case.

Harlo Holmes, a digital security trainer at the Freedom of the Press Foundation, told me that the design of this email alert "reinforces" the user error of clicking on phishing links. In effect, this alert may very well be training people to click on random links sent to their emails. In this case, the email is legitimate, but that type of behavior is generally how people get phished.

Holmes stressed that when someone receives an alert like this, the right thing to do is to first "take a deep breath," and then open a new browser window and manually type and navigate to the settings of the service in question (in this case, to myaccount.google.com/security-checkup) and see what's going on there, without ever clicking on the link in the email.

"They are walking a fine line here: if your account is compromised, they don't want to give your attacker too much specific info as to how," Holmes told me in an online chat. "They just give you enough info to hopefully get your attention."

Matt Mitchell, a security specialist who teaches regular people how to stay safe online, agreed that this alert is poorly designed.

"I am sure the now panicked user just wants to know what to do," he told me in an online chat. "Good security begins with common sense. Users will behave badly, we need to account and plan for that."

Google has historically been very proactive at helping users improve their security settings and alerting them of attacks on their accounts. In 2012, the company started warning users who were targets of government hacking attempts. To avoid misunderstandings, these alerts don't come in an email, but are displayed in the browser. Given how much hackers love to pretend to be Google to trick victims into giving away their passwords, perhaps that would have been a better design for this alert as well.
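The article's own test of legitimacy rests on three things Gmail shows: the visible sender address, the "mailed by" domain and the "signed by" domain. As an added example (not code from the article, from Motherboard or from Google), the Python script below reads those three values out of a raw message: the From address, the envelope sender in Return-Path (the domain SPF is evaluated against, which is what Gmail surfaces as "mailed by") and the d= tag of the DKIM-Signature (Gmail's "signed by"), and then checks that both belong to the same organisation as the From domain, so that a "pass" earned by some unrelated domain is not mistaken for proof. The two sample messages are constructed for this example; the receiver mx.example.net, the domain mail.example-sender.test and the two-label rule for the organisational domain are assumptions, not anything the article states.

```python
import re
import email
from email.utils import parseaddr

# Constructed sample messages (not real captured mail). The header values
# mirror what the article describes for the legitimate alert: From is
# no-reply@accounts.google.com, the envelope sender (what Gmail shows as
# "mailed by") is at gaia.bounces.google.com, and the DKIM signing domain
# (what Gmail shows as "signed by") is accounts.google.com.
SAMPLE_LEGIT = """\
Return-Path: <3abcd123@gaia.bounces.google.com>
Authentication-Results: mx.example.net;
       dkim=pass header.i=@accounts.google.com;
       spf=pass smtp.mailfrom=gaia.bounces.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
        s=20161025; h=from:to:subject; bh=AAAA=; b=BBBB=
From: Google <no-reply@accounts.google.com>
To: user@example.net
Subject: Security alert

Review your account security.
"""

# Constructed lookalike: the visible From address is the same, but the mail
# was sent and signed by an unrelated (assumed) domain. SPF and DKIM both
# "pass" for that unrelated domain, which is why the alignment check matters.
SAMPLE_LOOKALIKE = """\
Return-Path: <bounce@mail.example-sender.test>
Authentication-Results: mx.example.net;
       dkim=pass header.i=@mail.example-sender.test;
       spf=pass smtp.mailfrom=mail.example-sender.test
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.example-sender.test;
        s=sel1; h=from:to:subject; bh=CCCC=; b=DDDD=
From: Google <no-reply@accounts.google.com>
To: user@example.net
Subject: Security alert

Review your account security.
"""


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower()


def org_domain(host):
    """Organisational domain used for alignment.

    Simplification (assumption): the last two labels. Real DMARC alignment
    uses the public suffix list, which matters for hosts like example.co.uk;
    two labels are enough for the sample domains here.
    """
    labels = [part for part in host.split(".") if part]
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def parse_auth_results(value):
    """Pull method=result pairs (spf, dkim, dmarc) out of Authentication-Results."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", value)}


def assess(raw):
    """Return the 'mailed by' / 'signed by' domains of a raw message and
    whether they line up with the visible From domain."""
    msg = email.message_from_string(raw)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    # Envelope sender: the domain SPF is evaluated against ("mailed by").
    mailed_by = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    # DKIM d= tag: the domain whose key signed the message ("signed by").
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", msg.get("DKIM-Signature", ""))
    signed_by = m.group(1).lower() if m else ""
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    checks = {
        "spf_pass": auth.get("spf") == "pass",
        "dkim_pass": auth.get("dkim") == "pass",
        # Alignment: a pass for some other domain says nothing about From.
        "mailed_by_aligned": bool(mailed_by) and org_domain(mailed_by) == org_domain(from_domain),
        "signed_by_aligned": bool(signed_by) and org_domain(signed_by) == org_domain(from_domain),
    }
    return {
        "from_domain": from_domain,
        "mailed_by": mailed_by,
        "signed_by": signed_by,
        "checks": checks,
        "consistent": all(checks.values()),
    }


if __name__ == "__main__":
    for name, raw in (("legitimate", SAMPLE_LEGIT), ("lookalike", SAMPLE_LOOKALIKE)):
        r = assess(raw)
        print(f"{name}: mailed by {r['mailed_by']}, signed by {r['signed_by']}, "
              f"consistent with From={r['from_domain']}: {r['consistent']}")
```

Run against the legitimate sample it reports mailed by gaia.bounces.google.com and signed by accounts.google.com, both aligned with the From domain; the lookalike passes SPF and DKIM yet fails both alignment checks, which is the distinction a receiving mail system makes under DMARC and the one a user cannot see from the display name alone. It reads headers a mail client already exposes ("Show original" in Gmail) and does not replace the article's advice to navigate to the account settings by hand rather than through the emailed link.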