Gone phishing: 5 ways you can protect yourself online in light of latest Gmail hack

Privacy is a right you haven’t always had but that you’re fully entitled to. Article 12 of the Universal Declaration of Human Rights states: “No one must be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation.”

It’s a human right, one you are born with regardless of your race, sex, religion, nationality, sexual orientation or political affiliation. Just because you have it doesn’t mean anyone will help you protect or realise it. 

Here are five tips to help you guard against digital attacks on your virtual life.

1. Distrust is king
A few simple practices can vastly reduce your risk of being hacked or having your information stolen or leaked. Antivirus programs have their limitations but they are still good to have on your devices. But no antivirus program can save you if you’re not diligent about your own security. 

Never ever trust anyone who approaches you directly. No reputable service will ever email you and ask you for a password or any other identifying data.

Companies such as Facebook and Google allow you to upload unlimited data to their servers for free, but then sell your info on to advertising companies. Never respond to requests for personal or account information online, especially in emails. If a government or banking institution calls you to ask for personal information, make an appointment to hand it over in person. If an email from a company tries to solicit information from you, check whether there is a verifiable phone number in the email and call to confirm the request.

READ MORE: Hacker collects 272m email addresses and passwords, some from Gmail

2. Two-phase authentication is an annoying but crucial step
Think of your emails as a skeleton key to your life. Once that’s compromised, it’s easy to access other areas of your life.

There’s a new phishing scam targeting Gmail users. Security analysts say it’s extremely sophisticated and that even experienced, tech-savvy users are being duped. The scam tricks potential victims into giving up their Google credentials, before going through their sent messages folder for new victims to pass the malicious email on to.

The attack uses image attachments that masquerade as PDF files. Once clicked on, users are directed to phishing pages masquerading as the Google sign-in page. As soon as a password is entered the account is compromised. Using familiar subject lines and attachments from information gathered from previous correspondence, the attacker makes the phishing emails look ever more convincing to recipients and allows the scam to propagate quickly. The phishing pages do not appear to set off Google’s SafeBrowsing system warnings, which are designed to alert users when they land on an unsafe web page.

Not all is lost, thankfully. You can avoid being targeted by enabling a two-factor authentication and by looking out for the prefix “data:text/html” in the browser location bar, which indicates that you are being directed to an illegitimate web page. Basically, two-factor authentication is a second layer of security when signing in, which usually involves receiving a text message with a special code whenever you sign into your account.

Look at the browser address bar and verify the protocol and hostname. Make sure that there’s nothing before accounts.google.com other than https://. It ought to look like the below image.

3. Don’t reuse your [email protected]
There’s no point in having a long, convoluted password if you’re going to reuse it across multiple platforms. Instead of trying to memorise multiple passwords you can use software like RoboForm or LastPass, which generate strong passwords for sites and then remember them for you. Always use a password manager that’s independent of your browser. Third-party managers allow you more options, such as mobile device support and they work on both Windows and Mac and have smartphone support. If like me, your brain freezes on occasion, this is a handy tool. That goes for you too, Mark Zuckerberg.

4. Shush!
Social media has a insidious way of making one feel safe and comfortable in the notion that people on the internet are our friends and close acquaintances. It’s tempting to tell everyone online that it’s your baby’s first day at school or where you work but it would be prudent to keep certain aspects of your life private. Please don’t confuse secrecy and privacy. When you visit the loo we all know what you’re doing but you still close the door.

Sharing everything is great for advertisers, but it can be a dangerous endeavour. What happens if someone culls information from your Facebook account to steal your identity? Do you really want strangers taking note of your check-ins and tags to know where you are at all times?

Being safe on social media means guarding your personal details jealously. Regularly review your Facebook privacy settings to make sure you’re not sharing anything you’d rather keep private. You should also check these Google privacy settings. Even if you don’t use Google+ social network, it might still be leaking your private email address to the world.

Don’t divulge your full birth date, your mother’s maiden name, pet’s name or any other identifying information that can be used for password recovery on social media websites.

READ MORE: Social networks are ‘playgrounds for hackers’

5. Websites are tracking you 
Did you know that websites keep track of how you’re using them, and even the sites that don’t require you to sign up with an account can keep a track of your preferences and behaviour using cookies? 

Google and Facebook keep tracking you even when you’re not signed in and follow you around the web to serve you with “relevant” advertising and content. And as most of us will have signed up for at least one of Google’s many popular services, that’s the company that has the most information. If the idea that these companies know so much about you makes you uncomfortable there are ways to stop it. 

Head to the advertising cookie opt-out page and click download to get the cookie opt-out plugin. This plugin is available for Chrome, Internet Explorer and Firefox. After downloading this plugin, Google will stop tracking your browsing activity.

If Google’s tentacles are too far-reaching for you, switch to DuckDuckGo, a search engine that respects your privacy. It doesn’t tailor search results based on your interests or the websites you frequent. 

Bonus tip: It doesn’t matter if you have nothing to hide
Watch this TED talk by Glenn Greenwald on why privacy matters. Greenwald was one of the first reporters to see – and write about – the Edward Snowden files, with their revelations about the United States’ extensive surveillance of private citizens. In this eye-opening talk, Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide.”

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Kiri Rupiah
Kiri Rupiah is the online editor at the Mail & Guardian.

Related stories


Subscribers only

How lottery execs received dubious payments through a private company

The National Lottery Commission is being investigated by the SIU for alleged corruption and maladministration, including suspicious payments made to senior NLC employees between 2016 and 2017

Pandemic hobbles learners’ futures

South African schools have yet to open for the 2021 academic year and experts are sounding the alarm over lost learning time, especially in the crucial grades one and 12

More top stories

What the Biden presidency may mean for Africa

The new US administration has an interest and much expertise in Africa. But given the scale of the priorities the administration faces, Africa must not expect to feature too prominently

Zuma, Zondo play the waiting game

The former president says he will talk once the courts have ruled, but the head of the state capture inquiry appears resigned to letting the clock run out as the commission's deadline nears

Disinformation harms health and democracy

Conspiracy theorists abuse emotive topics to suck the air out of legitimate debate and further their own sinister agendas

Uganda: ‘I have never seen this much tear-gas in an...

Counting was slow across Uganda as a result of the internet shutdown, which affected some of the biometric machines used to validate voter registrations.

press releases

Loading latest Press Releases…