GMail Filters “Opportunity For Fraudsters”

Gmail logo

The Guardian has a warning for GMail users about the dangers of having email diverted from their accounts using its filters function.

The article contains a story about one user who ended up sending a payment to an account he thought belonged to someone he owed money; in fact a scammer had infiltrated his GMail account, set it to redirect any emails he received containing the words “sortcode”, and then recreated and sent him a similar email containing their bank account details.

He sent off the money and was none the wiser, until the people he really did owe money to got in touch to say they hadn’t yet received it.

In fact, the tone of the Guardian article does err on the side of sensationalism.

The filters themselves aren’t the problem; fraudsters still need to get hold of a username and password in order to access the account and to setup the filters in the necessary way. Indeed, the Guardian goes on to say “how easy” it is to setup filters, and they’ve been having fun in the office doing it to each others accounts. But if you’re going to leave your GMail account logged in, then you’re making it easy for someone to steal your details and then setup these filters or send out emails on your behalf.

So whilst this warning is largely aimed at GMail (although it’s worth checking to see there are no unexpected filters in place), even non-Gmail users need to be careful that their email accounts aren’t hacked into.

The normal rules apply – use a long, non-guessable password with a mixture of letters and numbers, change it regularly and beware of clicking links in emails asking you to login to a site (fraudsters trying to “phish” your login details).

Always sign out of sites such as email services and online banking once you have finished using them (and further more, close the browser), and don’t sign into them on shared computers.

Creative Commons License photo credit: Kinologik

Similar Posts:



Leave a Comment

Your email address will not be published. Required fields are marked *