latest
Google is getting serious about Android's phishing problems
New features being piloted have financial fraud squarely in their sights
Whether you’ve experienced a phishing scam personally or know a victim, you're surely aware of the extensive damage it can cause. Aside from the emotional impact, your finances can take a hit, depending on how much access the scammer gets to your sensitive information. Google knows how easy it can be to fall for a phishing scam, even if you’re up to speed on new types of online fraud. Now, the company is launching a pilot program in one city, specifically to address the financial fraud impacting Android device owners.
Android is preparing to add built-in phishing protection
Google is working on a feature that will scan apps for signs of phishing or other deceptive behavior
No matter how technologically savvy you are, you’re not immune to phishing. Phishing, for those of you who aren’t aware, is a type of cyberattack that hackers employ to get users to hand over their sensitive information. Phishing attacks can get really sophisticated, which is why it’s important to always be vigilant and double check that the app or website you’re entering your credentials into is legitimate. To better protect regular users from phishing attacks on Android, Google seems to be preparing a new feature that will automatically detect if apps are fishy.
There are a lot of scams online, and it's becoming increasingly difficult to dodge scammers who target you via phishing texts, emails, fake ads, and spam calls. To make matters worse, tricksters use bots and advanced algorithms to make you fall into their traps. An average smartphone user receives numerous spam and phishing messages daily.
The internet is filled with scams. Fake ads, phishing emails, spam calls, and text messages are some of the ways you can lose your data and money. Nowadays, many scams are created by bots powered by advanced algorithms. Phishing texts are another type of scam, and they're growing in popularity. You can still be vulnerable even if you use one of our favorite Android phones. Let's look at what these so-called "phishing texts" are and how you can protect yourself against them.
What is phishing: Types of attacks and how to prevent them
No, you are not entitled to $10,500,000 U.S. dollars from the Bank of Burundi
Most people use the internet for anything and everything, from interacting with work colleagues to exploring the world of AI chatbots. And while the internet is a beautiful tool for these reasons and many others, it can also hurt people's security and privacy. For one, large corporations like Amazon and Google find novel ways to squeeze every drop of data out of our online presence in the name of the bottom line. On that note, you can follow these simple steps to improve your digital privacy on Android.
Someone ruining your day with an email is unsettling. Phishing emails are among the many ways attackers steal your information online. Though harmless at first glance, they open a virtual doorway to your credit card details, account passwords, and other personal information. In extreme cases, they infiltrate your mobile phones and computers when you download attachments. There's no easy way to catch the culprit or make them pay, but you can report them.
What to do if you accidentally click on a phishing link
Don't panic, you can still keep your data secure
The best way to prevent a phishing attack is to avoid clicking those links. However, as the attacks become more intelligent, they become harder to avoid. If you click a link, don't panic, there are a few steps you can take to ensure you minimize the chance of having your personal data or, worse, stolen.
Digital threats have become increasingly clever, and even the most tech-savvy people can be caught off guard. The number and variety of cyberattacks have also increased dramatically. If you've been putting off a security checkup, it's time to take action.
If you're especially wary, you can spot a faked browser window designed to lure you into thinking it's the login page you need. The page may not load properly, or the graphics may seem subtly changed — or the URL looks wrong, which should immediately flag anything suspicious. The URL-related advice to help avoid getting phished may not be as strong as it used to be, unfortunately. A researcher recently developed a new form of rendering pop-up login windows that could easily trick even security-conscious users into thinking they're giving their private data to a legitimate site.
Spam isn't just the bane of your personal email — if anything, it's even more aggressive about weaseling its way into work inboxes. While many spam messages are easy to spot immediately, bad actors still try to use clever lures, including attempts to make the recipient believe emails are from someone familiar, like a co-worker or friend. In its endless uphill battle against spam, Google has added a feature to Workspace that will help ensure we all waste a little less time trying to figure out if the messages we receive are the real deal.
Google Drive's new blocking tool is here to help put an 'end' to spam
At least until the attacker makes a new email address
It's been more than two years since Google acknowledged Drive spam is a real issue with the service, and we've been patiently waiting for any action to be taken. In May, the company confirmed a solution was on the way, allowing users to block email addresses from sharing content with you in the future. After a couple of months, that fix is finally being made available to Drive users.
Chrome 92 launches with privacy and performance upgrades
Better per-site permissions, new Chrome Actions, and improved phishing detection
Chrome 92 is launching today. Apart from the smaller interface experiments and the developer-focused novelties we previously covered, there are some improvements on the privacy front, regarding both features and performance enhancements.
Google Drive is fixing the most annoying part about sharing docs
Finally, a solution to the spammers
Google Drive has always had some problems with spammers — no wonder, since there's no way to stop strangers with your email address from sharing files and folders with you in Drive. Google acknowledged the problem and promised that it would work on a solution all the way back in 2019, but has been radio-silent since then — though we assume there was some work in the background, as we've seen much fewer reports in recent times. But now the company is adding a user-facing solution to help against spam, phishing, and otherwise unwanted files: a blocking option.
Google protected us from 2.7 billion nefarious ads last year
Phishing and trick-to-click advertisements were among the worst offenders
Given how much many of us depend on Google's services, its in the company's interests to ensure its platforms don't serve us bad ads that could be out to fool us. With such a sprawling portfolio of products, that's no mean feat, and in 2019 that meant a total of 2.7 billion ads blocked and removed by various teams at Google. If the scale of that is hard to fathom, it works out as 5,000 ads per minute.
Google first introduced a Password Checkup Chrome extension this February to help you check if your login information had been breached, which it integrated with the password manager inside your Google Account in October. After testing this feature natively in the beta of its browser, the company is now rolling it out with the new stable version of Chrome 79. While it's at it, Google is also enhancing some phishing protection mechanisms.
We've all received a spam email telling us we've won millions of dollars or need to reset our online banking password. Although these are widespread, most messaging platforms and even browsers have learned to recognize them for our protection. Because of this, attackers are finding more sophisticated means to be more attractive: Besides using Google Docs to trick users, scammers have turned to Google Calendar and are relying on its automatic event creation setting to take advantage of people.
A new type of potential phishing attack has been discovered by developer James Fisher. Called the "inception bar" by its creator. The attack allows for a site to spoof a URL in the mobile version of Chrome when scrolling, subsequently locking them into a false UI. In fact, the site detailing this newly-discovered flaw makes use of it, appearing to show an HSBC URL.
Most of us have way more usernames and passwords than we can remember. Thankfully, our browsers can store these for us, but using single sign-on is even more convenient, as it avoids creating credentials for each and every site we visit. The most popular one around is Google's solution, which lets you use your Gmail username and password to connect to any website that supports it. However, as the solution is widely used, some malicious sites embed login pages which can capture the user's credentials and even their 2FA token. To protect users from such attacks, Google is now blocking sign-in attempts from embedded pages.
Back in January, Google simplified its payment offering by merging Android Pay and Google Wallet into Google Pay. The new appellation made it simpler for users to manage their payments, thanks to a unified platform allowing them to pay with their phone, but also online using their browser. Despite this move, the defunct service seems to be coming back to life, in a rather intriguing manner. Indeed, several users have reported receiving notifications mentioning Google Wallet was granted access to their Google account.
Security firm Trend Micro has discovered 29 malicious beauty camera apps that aim to phish user traffic and steal your photos. The apps have already been removed by Google from the Play Store, but only after accumulating millions of downloads.