Avoiding Social Media Scams When Recovering a Locked Gmail Account

 

Losing access to your Gmail account can be a frightening experience, especially given that Gmail is deeply integrated into the online lives of more than 2.5 billion users globally. Unfortunately, the popularity of Gmail has also attracted scammers who exploit users seeking help after being locked out of their accounts. These attackers wait for users to post their issues publicly on social media platforms, particularly X (formerly Twitter). They pose as helpful people or even official support agents, suggesting that they can help users recover their accounts. By using fake accounts that appear credible, they deceive users into sharing personal information or even paying money under the guise of assistance. 

Engaging with these fake accounts is risky, as scammers may ask for payment without helping or, worse, obtain the victim’s login credentials, gaining full access to their accounts. In the initial panic of losing an account, people often turn to social media for immediate help. This public search for help exposes them to a swarm of scammers using automated bots to detect posts about lost accounts. These bots then direct users to supposed “support agents” who, in reality, are fraudsters attempting to capitalize on the vulnerability of those locked out of their accounts. Victims may be asked to pay for a recovery service or provide personal details, like account passwords or two-factor authentication codes. 

Often, the scammers promise assistance but deliver none, leaving users at risk of both financial loss and further account compromise. In some cases, attackers use these interactions to access the victim’s Gmail credentials and take over not just the email but other connected Google services, leading to a much larger security breach. While the need for quick support is understandable, it’s essential to avoid turning to public platforms like X or Facebook, which can make users easy targets. Instead, Google has official account recovery methods to retrieve locked accounts safely. The company provides a structured recovery process, guiding users through steps that don’t involve sharing details with strangers. This includes using backup email addresses or two-factor authentication to regain access. 

Additionally, Google has an official support community where users can discuss issues and seek guidance in a more secure environment, reducing the likelihood of encountering scammers. By following these steps, users can regain access to their accounts without exposing themselves to further risk. Even in stressful situations, staying cautious and using verified recovery options is the safest course. Publicly seeking help with sensitive matters like account access opens doors to fraudsters who thrive on desperation. Taking time to verify recovery resources and avoiding social media platforms for assistance can help users avoid falling victim to predatory scams. By following Google’s secure processes, users can ensure the safety of their accounts and keep their personal information secure.

Posthumous Data Access: Can Google Assist with Deceased Loved Ones' Data?

 

Amidst the grief and emotional turmoil after losing a loved one, there are practical matters that need to be addressed, including accessing the digital assets and accounts of the deceased. In an increasingly digital world, navigating the complexities of posthumous data access can be daunting. One common question that arises in this context is whether Google can assist in accessing the data of a deceased loved one.

Google, like many other tech companies, has implemented protocols and procedures to address the sensitive issue of posthumous data access. However, accessing the digital assets of a deceased individual is not a straightforward process and is subject to various legal and privacy considerations. 

When a Google user passes away, their account becomes inactive, and certain features may be disabled to protect their privacy. Google offers a tool called "Inactive Account Manager," which allows users to specify what should happen to their account in the event of prolonged inactivity or after their passing. Users can set up instructions for data deletion or designate trusted contacts who will be notified and granted access to specific account data. 

However, the effectiveness of Google's Inactive Account Manager depends on the deceased individual's proactive setup of the tool before their passing. If the tool was not configured or if the deceased did not designate trusted contacts, gaining access to their Google account and associated data becomes significantly more challenging. 

In such cases, accessing the data of a deceased loved one often requires legal authorization, such as a court order or a valid death certificate. Google takes user privacy and data security seriously and adheres to applicable laws and regulations governing data access and protection. Without proper legal documentation and authorization, Google cannot grant access to the account or its contents, even to family members or next of kin. 

Individuals need to plan ahead and consider their digital legacy when setting up their online accounts. This includes documenting login credentials, specifying preferences for posthumous data management, and communicating these wishes to trusted family members or legal representatives. By taking proactive steps to address posthumous data access, individuals can help alleviate the burden on their loved ones during an already challenging time. 

In addition to Google's Inactive Account Manager, there are third-party services and estate planning tools available to assist with digital asset management and posthumous data access. These services may offer features such as data encryption, secure storage of login credentials, and instructions for accessing online accounts in the event of death or incapacity. 

As technology continues to play an increasingly prominent role in our lives, the issue of posthumous data access will only become more relevant. It's crucial for individuals to educate themselves about their options for managing their digital assets and to take proactive steps to ensure that their wishes are carried out after their passing. 

While Google provides tools and resources to facilitate posthumous data management, accessing the data of a deceased loved one may require legal authorization and adherence to privacy regulations. Planning ahead and communicating preferences for digital asset management are essential steps in addressing this sensitive issue. By taking proactive measures, individuals can help ensure that their digital legacy is managed according to their wishes and alleviate the burden on their loved ones during a difficult time.

Cookie Intrusion: Urgent Warning as Malware Targets Google Accounts

 


In a chilling development on the cybersecurity front, a potent new malware strain has emerged, employing an unconventional tactic to infiltrate Google accounts. This intricate risk leverages cookies, typically used for benign website functionality, as a gateway for unauthorised access. Cybersecurity professionals are alarmed by the ingenuity displayed by the perpetrators of this novel attack method. Exploring the digital world demands a heightened sense of vigilance. Whether you're an individual safeguarding personal data or an organisation securing critical information, staying alert is key to warding off these sneaky cyber threats. 

Browser cookies serve the practical purpose of remembering actions on websites, but they also pose security risks. While Google Chrome addresses third-party cookies, a recent vulnerability exposes Google accounts to potential compromise. Malicious groups are actively selling an exploit that enables unauthorised access, bypassing passwords and two-factor authentication. The issue was discovered in October 2023, and Google is addressing it through reverse engineering methodologies.

This zero-day exploit allows cybercriminals to retrieve session cookies, a critical element in Google's login authentication. Even after users change passwords, this vulnerability remains a threat. The exploit was initially disclosed by an entity known as PRISMA, leading to subsequent investigations. Google acknowledges the issue and advises affected users to sign out on compromised devices for added security. To counter such threats, users are also encouraged to enable Enhanced Safe Browsing in Chrome, offering protection against phishing and malware downloads. 

The discovery of a zero-day vulnerability in session cookies has given rise to a concerning scenario, as at least six malware developers actively exploit this weakness. Detecting compromise in such cases is not immediate, emphasising the need for heightened user awareness and proactive security measures. Here's a detailed guide to fortify your defences: 

 1. Clear Browser Cookies: 

 Begin by regularly clearing your browser cookies. This minimises the chances of unauthorised access through compromised session cookies. 

 2. Unlink Google Account from Unused Devices: 

 Take a moment to review and unlink your Google account from devices that are infrequently or no longer used. This severs potential access points for malicious actors. 

 3. Google Chrome Users, Stay Alert: 

 Google Chrome users should be particularly vigilant. If you notice any unusual activity on your Google account, consider it a potential red flag. Swiftly changing your password adds an extra layer of security. 

 4. Immediate Password Change: 

 In the event of abnormal account behaviour, do not hesitate to change your password promptly. This proactive step helps thwart unauthorised access and safeguards your account. 

 5. Regular Security Checks: 

 Incorporate regular security checks into your online routine. Be mindful of any notifications or alerts from Google regarding your account activity. 

 6. Stay Informed: 

Stay abreast of cybersecurity developments. Keep an eye on reputable sources for updates and insights into emerging threats, ensuring you remain informed and equipped to protect your digital assets. 

By implementing these proactive measures, users can significantly reduce the risk of falling victim to exploits targeting session cookies while bolstering the overall security of their Google accounts.



Time to Guard: Protect Your Google Account from Advanced Malware

 

In the ever-changing world of cybersecurity, a new type of threat has emerged, causing serious concerns among experts. Advanced malware, like Lumma Stealer, is now capable of doing something particularly alarming – manipulating authentication tokens. These tokens are like secret codes that keep your Google account safe. What makes this threat even scarier is that it can continue to access your Google account even after you've changed your password. In this blog post, we'll explore the details of this evolving danger, shining a light on how it manipulates OAuth 2.0, an important security protocol widely used for secure access to Google-connected accounts. 

Of particular concern is its manipulation of OAuth 2.0, leveraging an undocumented aspect through a technique known as blackboxing. This revelation marks Lumma Stealer as the first malware-as-a-service to employ such a sophisticated method, highlighting the escalating complexity of cyber threats. 

The manipulation of OAuth 2.0 by Lumma Stealer not only poses a technical challenge but also jeopardises the security of Google-related accounts. Despite efforts to seek clarification, Google has yet to comment on this emerging threat, giving Lumma Stealer a distinct advantage in the illicit market. 

In a concerning trend, various malware groups, including Rhadamanthys, RisePro, Meduza, Steal Stealer, and the evolving Eternity Stealer, swiftly adopted Lumma Stealer's exploit. This underscores the urgency for users to update their security practices and stay vigilant against the continuously changing tactics employed by malicious actors. 

This vulnerability traces back to an attacker operating under the pseudonym PRISMA, who unveiled a zero-day exploit in late October. Exploiting this flaw provides the advantage of "session persistence," allowing sustained access even after a password change. The revelation emphasises the widespread impact of the vulnerability across various cyber threats, necessitating urgent user awareness and robust cybersecurity measures. 

The exploitation of this vulnerability extends beyond compromising Google accounts, granting threat actors the ability to manipulate various OAuth-connected services. Pavan Karthick M, a threat researcher at CloudSEK, stresses the serious impact on both individual users and organisations. Once an account is compromised, threat actors can control critical services such as Drive and email login, emphasising the urgent need to fortify defences against the ever-evolving cybersecurity landscape. 

As Lumma Stealer and its counterparts exploit vulnerabilities, it's crucial for users to adopt proactive cybersecurity measures. Regularly updating passwords, enabling two-factor authentication, and staying informed about emerging threats are essential steps in mitigating risks. In the face of advancing cyber threats, staying vigilant and taking proactive steps remain imperative to safeguard our online presence.

Reminder: Google Has Started to Purge Inactive Accounts

 

You should log into any old Google account you wish to maintain if you haven't used it in a few years to avoid having it deleted due to Google's inactive account policy. Google revealed the new guidelines in May, stating that account deletions would start as early as December 2023. Since then, Google has begun notifying impacted users through email that their accounts may be deleted starting in the first week of December. 

To be clear, Google has not stated that it will delete all eligible accounts from the first of December. The company intends to proceed in stages, "beginning with accounts that were created and never used again." However, now appears to be as good a time as any to ensure that your old accounts are in order so that you don't risk losing important data.

For a Google Account to remain active for an additional two years, it is often sufficient to simply sign in. Google adds that actions that fall under its policy regarding inactive accounts include sending or receiving emails, using Google Drive, viewing YouTube content, downloading apps from the Google Play Store, searching the Google Play Store, and signing in with Google to access third-party services. 

It's a good idea to confirm that the email address linked to your account is accessible after you log in. This is due to Google's announcement that it will notify affected users of an upcoming deletion through several notifications sent to both their recovery email addresses and affected Google accounts. 

If you want to prevent the deletion of any content stored in Google Photos, you'll need to sign in separately, but logging in to your Google account should be sufficient to stop it from being deleted altogether for two years. According to a 2020 policy, the search giant "reserves the right to delete data in a product if you are inactive in that product for at least two years." Nevertheless, neither accounts with active subscriptions linked to them nor accounts with YouTube videos will be deleted. 

Google stated that it modified its policies for security reasons when it announced the new guidelines in May, pointing out that inactive and outdated accounts are more likely to be compromised. Ruth Kricheli, vice president of product management at Google, stated in the company blog that "forgotten or unattended accounts often rely on old or re-used passwords that may have been compromised, haven't had two factor authentication set up, and receive fewer security checks by the user."

Avoid Accidentally Sharing Your Location

 


The devices and apps on your phone want to know where you are, whether to give you the latest weather updates, suggest restaurants you might enjoy, or target advertisements at you more precisely. Keeping track of what you share with others, what you do not, and when can become confusing very quickly.

The location histories logged by your devices can also be inconsistent: sometimes you think you have blocked or turned off Location Sharing on your phone but you are still tracked, and vice versa.

Location Tracking: How it Becomes Confusing 

There is nothing more frustrating than continuing to find yourself on a map even though you distinctly recall turning location tracking off on a device. Or you might have thought you had left the location history feature on, yet you are seeing gaps. To explain this, keep in mind all the different ways your location can be logged during the day: by your apps, by your devices, and by the websites you use.

A tablet, for instance, might have location tracking turned on while a phone has it turned off. Another possibility is that your laptop is tracking your location in the background, even though you thought you had disabled the feature in the apps you use. To decide whether to enable or turn off location tracking completely, you have to consider all of these different methods of keeping track of your location.

Take your Google account as an example, if you have one. On the web, go to your account settings and select Data and Privacy, then Location History. This shows the desktop computers, laptops, and tablets whose movements are being saved to your Google account for future reference. Select Devices on This Account to see which phones, tablets, and laptops have been marked with a checkmark.

Clicking Turn Off disables this feature, but be aware of the caveats that appear onscreen once you have clicked it: your location will still be logged by your mobile device, by the Find My Device service when you are trying to locate a lost device, and by Google Maps when you navigate or search the area around you. The Location History settings menu also lets you toggle different aspects of your location history, including the Google Timeline and the ability to search for places you regularly visit in a matter of seconds.

It is worth noting that there are several other areas where your location is logged and shared from your main Google account screen. A list of specific contacts who can see your location through Google services can be found under Data and Privacy under Web & App Activity, and under People and Sharing under Manage Location Sharing. This allows you to manage location data saved by Google Maps and other applications and websites. 

Mobile Location Tracking and Management 

Depending on the manufacturer of your Android phone, the steps involved in managing your location will differ slightly, but the menus and instructions are generally similar. On Google Pixel phones, open the Settings app and select Location. You will see a switch that turns off the use of location, which prevents the apps on your device, as well as Google, from knowing where you are.

If you leave the Use Location toggle switch turned on, you can customize location access for individual apps on the same screen. You can allow an app to access your location always or only while it is running in the foreground. Tap an app's name in the list to change its setting.

To eliminate the location data that has already been collected on you, you need to check every app that has had access to your location and review the settings of each one. If you want to completely remove such data from your Google account and Google's apps, you can delete it from your Google account on the web under either Location History or Web & App Activity in Data and Privacy. You also have the option to delete this information automatically after a period of three, eighteen, or thirty-six months.

Apple does not seem to log your movements in quite the same way as Google does, but it does build up a list of places you visit frequently (like your home and maybe your workplace) so you can quickly get back there if necessary. Open the Settings app on your iPhone, and then select Privacy & Security, Location Services, System Services, and Significant Locations to remove any items from this list. If you want to stop the list from populating in the future, you can opt to remove this entry from the list. 

On-Desktop Location Tracking 

Since your laptop or desktop computer is not equipped with GPS, it cannot track your location the way your smartphone can. However, apps, websites, and operating systems will still have a sense of where you are through the network connections you use to get online (your home Wi-Fi, for example).

On a Windows computer, open the Settings app, click Privacy & Security, and then choose Location. As with Android and iOS, you can turn off location tracking for individual applications (via a toggle switch on the right of the screen) or turn it off for the entire computer (by selecting the top option). Clicking Clear next to Location History wipes the log of your travels. On the same screen you can see which apps have been using your location and which apps are using it currently.

Every browser has settings that control how websites access your location. In Chrome, go to Privacy and Security, Site Settings, and then Location in the settings pane; in Edge, open the settings pane and choose Cookies and Site Permissions, then Location; in Safari on macOS, open the settings dialog box and select Websites, then Location. There is no guarantee that changing these settings will affect any information that sites have collected in the past. To find out, you will have to visit the settings for the individual websites.

New Apple Flaw Exposes Users’ Browser History and Google Account Details

 

A bug has been detected in Apple’s Safari 15 that can leak your recent browsing activity and expose your Google User ID to other sites. The flaw was introduced to Safari 15 via the Indexed Database API (IndexedDB), which is part of Apple's WebKit browser engine, according to a Saturday blog post by FingerprintJS. IndexedDB can be used to save data on the computer, such as websites visited, so that they load faster when one returns.

IndexedDB adheres to the same-origin policy, which prohibits websites from freely interacting with one another unless they have the same domain name (among other requirements). Imagine it being under quarantine and only being able to interact with members of your family.

However, the problem discovered by FingerprintJS allows IndexedDB to break the same-origin policy, revealing data it has gathered to websites from which it did not collect it. Unfortunately, some websites, such as those in the Google network, include unique user-specific identifiers in the information sent to IndexedDB. This implies that if you're logged into your Google account, the information gathered can be used to accurately identify your browsing history as well as account information. It can also reveal whether you're logged into more than one account.

FingerprintJS stated, "Not only does this imply that untrusted or malicious websites can learn a user’s identity, but it also allows the linking together of multiple separate accounts used by the same user." 

They also posted a video demonstrating the type of data that the attack can disclose. The flaw was reported by FingerprintJS at the end of November, but Apple has yet to patch it. All of this is alarming, but there's not much one can do about it at the moment. Because a private tab can't see what's happening in any other tabs, whether private or public, browsing in Safari's Private mode can limit the potential damage. However, it isn't without flaws. 

"[I]f you visit multiple different websites within the same [private] tab, all databases these websites interact with are leaked to all subsequently visited websites," wrote FingerprintJS.

Switching from Safari to another browser can protect Mac users from the flaw, but iOS and iPadOS users are out of luck. While only Safari has been affected on Mac, Apple's requirement that all iOS and iPadOS web browsers use WebKit means the IndexedDB flaw has affected every browser on those systems.