RUSH: I just was made aware of a new phishing attack that is the best I’ve seen, meaning it’s gonna snare lots of unsuspecting people.
First off, if you use Gmail, you are the target. However, it only will affect you if you access your Gmail on a web browser. If you do Gmail inside an email app — say on your phone or on your computer or on an iPad — you’re okay. But if you use Chrome or Safari or Firefox or any other browser to access your Gmail account, now you gotta pay attention. And here’s what happens.
You’re in your Gmail account, and you get an email, and it has an attachment that looks like a PDF file or a Word document that’s attached to it. And it’s not from somebody you know, but it’s in your inbox, and it’ll have an intriguing subject line to make you want to open it. If you open the attachment… Here comes the Dittocam. If you open the attachment, which is a PDF file, or a Word document, this is what you’re gonna see. I’m holding up a Google login page. And this looks identical. It is scary how exact a replica this is.
This is not what you’ll see when you see the email. You’ll have to open the attachment. That’s… In every phishing scheme, there’s either a link or an attachment you have to click on. And if you don’t recognize who the email is from, then ignore this. But if you don’t, I just want to tell you what happens. If you click on the attachment that looks like a PDF file or a Word file, you’re gonna get this Google login page. And you’re gonna think, “Wow. Okay. I guess I have to re-login to get this attachment.”
You’re not gonna think anything’s weird so you’ll log in again even though you think you’re auto logged in. It looks just like the Google login page. One account, all of Google. If you fall for this, whoever these hackers are will have your Google login credentials — and whatever you use them for, this hacker will be able to get in and use. Now, I have not advised Koko… I just found this right before the break at the top of the hour, so I printed this out. I’ll send this up to Koko so he can reproduce this and actually make it understandable here on a page at RushLimbaugh.com. When I get time here, I’ll do it.
I’m still holding it because that looks exactly like any Google login page I’ve ever seen. Now, folks, understand: If you use Gmail on your web browser, this is how you’re affected. It impacts you. Keep in mind, you’re already logged in. If you’re able to download messages, you’re already logged in again. You don’t have to log in again. But if you hit on the attachment that looks like something you want to read, it takes you that login page, and the idea is that you’ll fall for it by thinking, “Oh, maybe I have to re-log in to read the attachment.” Don’t do it. If you do, you will see that it’s not going to Google server because the address of the hacker does not begin with http.
And if it doesn’t begin with http, then it’s not a Google server or any other authorized server. It’s some other entity that you don’t want to mess with. This page that I just showed you that looks identical to the Google login page is not hosted by Google. It’s a re-creation that steals your login credentials as you input a user name and password. And then those credentials that you’ve just given away there are used to gain access to your Gmail account and then further the scam and access whatever they can with your Google.
If you log in to Facebook with your login, whatever you log in with, you’re sunk. And I had an opportunity — since we were talking about these things yesterday — to say, “Here’s what I can use to actually show you how it works.” I will be unaffected because I do not use Gmail and I do not access my email on a web server. But if you do, I just wanted to let you know. Now, again, here’s another thing. Don’t answer an email you get from your employer asking you to share your tax and payroll information.
If you get an email from your boss, and the boss wants you to share your tax ID number, your Social Security, your payroll information, before you reply, check with your boss and make sure this is legit, because that’s another email scam that is continuing to fool people into thinking the company that you work for needs your Social Security number.
And the way this works again is psychological. You work for the XYZ Widget company, and you get an email, and it says, “We need your social.” And you don’t stop to think, “Wait a minute, you already got it.” You think maybe they lost it, maybe they are updating it. So you give it. Don’t do it. Never, ever give up any of these things to entities that you don’t know, or that you in your right mind would not expect to be asking for it.
Now, this scam asking for tax and payroll information, it continues to fool just enough people to keep the con going. Now, there’s another way that you can protect yourself on this stuff, and that’s with LifeLock. Now, despite my evidence, despite every effort I’ve made here to help people, some are still gonna fall for this. Now, if they’re LifeLock account members they have even more added protection, because their computers are constantly being scanned — well, their transactions are being scanned.
As a LifeLock member your online activity is anonymously scanned, and they establish a pattern looking for abnormalities. If an abnormality is found, that’s when you hear from LifeLock. You hope to never hear from them, but if somebody’s hacked you and if somebody’s gotten hold of your personal data and can use it to replicate you, pretend to be you, that can cost you money. That’s where LifeLock steps in and tries to stop it.
If they spot some irregularity, they’ll call you, they’ll email you to alert you to a possible violation of your privacy. If it turns out to be bad news, somebody did get in, then you are introduced to the LifeLock Restoration Unit, which works exclusively to put you back together, so to speak. Now, no one company can insure you from every form of identity theft, but LifeLock is the best.
You sign up today at LifeLock.com. Use my name. Save 10%. You call them at 800-440-4833 as well. And just make sure you use my name. It’s worth 10%. And I’m telling you, folks, with all of these attempts to defraud you, this is a layer of protection you’ll be so happy you have if somebody actually is able to worm their way into your identity. That’s LifeLock at 800-440-4833.