Phishing Emails Responsible for Domain Hijackings: Google
Google engineers have posted a detailed explanation saying that the recent domain hijacking related incidents were due to phishing and not because of any security flaws in the Gmail software.
According to Google, attackers had sent e-mail messages to web domain owners asking them to visit fraudulent websites, such as “google-hosts.com”, with the purpose of collection their Google login credentials. Once they had access to the Google mail accounts, they would set up filters designed to forward email conversations with web domain providers.
To prevent such a thing from happening to your own Gmail (or even other web email) account, Google recommends.
1. Always use HTTPS when accessing Gmail. This can be changed from the “Settings” > “General” tab in your Gmail interface.
2. Double check the URL, and only enter your Gmail sign-in credentials if the web address begins with https://www.google.com/accounts..
3. Keep your eye on your filters via the “Settings” > “Filters” tab and lookout for suspicious filters.
You can even consider using OpenDNS since it can block suspected phishing websites.
Google Developer Expert, Google Cloud Champion
Amit Agarwal is a Google Developer Expert in Google Workspace and Google Apps Script. He holds an engineering degree in Computer Science (I.I.T.) and is the first professional blogger in India.
Amit has developed several popular Google add-ons including Mail Merge for Gmail and Document Studio. Read more on Lifehacker and YourStory