- Hi guys.
Welcome back.
Episode nine already.
Thank you for being here with me.
Thank you to everybody who's joined up on my Snapchat.
Handle is joenegem.
Really really appreciate your support.
Appreciate your love.
If you're on YouTube, your likes and your subscribes are
music to my ears.
So please keep doing it and that way I can keep producing
these videos.
Now today, here to talk about something
that's very very urgent and time critical so.
If you are a user of Gmail,
there's something you need to know.
There is a big successful scam going on right as we speak.
It's been active really really immensely in the last,
I guess, 10 days and especially in the last
three to four days.
It's a scam and it's based off a phishing attack.
If you remember, a phishing attack is a way that baits you
into taking some sort of action.
So the way this phishing scam works
is it uses your existing contacts list
to send you an email that appears to come
from a legitimate contact.
So that contact will send you an email
based off a previous interaction.
So something that's actually happened in the past.
They'll send you that email, they'll have an attachment,
probably with the same name that was used
when they first interacted with you.
So for all intents and purposes,
it looks extremely extremely legitimate.
Now this attachment isn't actually an attachment.
It's an image that's inline in that email.
Meaning you don't have to double click it to then open it.
You simply have to click on the, you know,
the little picture in the body of that email message.
As soon as you click that, what happens is
another window pops up
and asks you to log in.
Now, being a web-based user, you know
that it's quite often that you have to re-log in.
Perhaps your session expired,
perhaps you've gone away.
So it's not, you know, not really that foreign to you
that you would have to log in,
especially after clicking an attachment.
So, you log in.
Now if you remember, the URL tends to be an indicator
but in this case, the URL looks extremely legitimate.
It's not, because it's prefixed with something.
For the average person looking at it,
it looks completely 100% legitimate.
So you click the link.
You get the login screen.
You give it your username, your Gmail username,
your Gmail password, you log in.
Guess what?
Hackers just stole your username and password.
And this phishing scam keeps going and going and going
and it grows exactly in that manner.
So how do you know you got scammed?
Well here's the interesting bit.
It's not that easy to tell.
So on that new popup login window,
if you have logged in,
you're a done deal.
Your goose is cooked.
Your chicken is ready.
You've been compromised.
Now, if you try and recall in the last week or so
if this has happened to you,
an interesting part of this phishing attack is
it's actually not easy to know
whether you have been compromised.
Sometimes in an attack, all they're looking for
is to go through your emails.
So if they do do that, I know this for example,
there's an option in Gmail,
you can select all your emails and download them
so that you can go through them later.
So if they've done that, the only way you can really know
is to go through your activity log.
Other than that, you're kind of on your own.
So...
There's three things here I want you to be aware of.
Number one,
if you've logged into Gmail,
you do something, and then you're prompted to log in again,
you really need to think long and hard whether
you are being scammed or whether it is legitimate.
The only time you should really have to log in again
is if you've been inactive for quite a long period of time
or if your browser has closed
or if you've gone cross browser,
meaning you started in one browser
and somehow tried to open a link or something
in a different way.
That would be sort of the only circumstances.
Other than that, really you need to take a step back,
pause, try and work out what's going on
and if you can't work it out,
close your browser, start again.
Second thing we can do and this is something--
I was actually gonna talk about later on
but what you need to do is turn on
two factor authentication.
So the way we verify our identity
is usually with a password.
A password goes with your username
and is a form of verifying who you are.
So that password is something that you know.
We all do it and we've been doing it for decades now.
What I would like you to add is
a second form of authentication
which is something you have.
Something you have, generally a token,
a one-time password, something that's very short term.
And the way it works is,
even though someone may have your password,
the password by itself is not enough.
It's not enough for verification of identity.
So Gmail would then ask you for another form of verification
which occurs through this single one-time token.
You can receive that extra token in several ways.
Oh and before I get too ahead of myself,
once you've used that token once,
that's it, it's done, you can't use it again.
So even if someone was to capture
those two bits of information and replay it,
do it back again, that's not gonna help them.
So I'm gonna show you now one or two ways.
The first one is through a kind of a pin.
It's a six-digit ID
which we can receive through an application
and the other way that Google allows us
is actually through a phone call.
Now, I hate the phone call myself
but my wife absolutely loves the crap out of it
and I don't know why.
I think 'cause she feels like she's getting a phone call.
What I'm gonna do now is turn on two factor authentication
and just let you hear what a phone call
from Google would sound like
and how it will supplement your login process.
Alright, so let me demo the first method
that Google provides which is to receive
a one-time password or one-time token via a phone call.
So when you log in with your password,
you will then be prompted to enter the authentication token
that I will receive in about two seconds via the phone.
(phone ringing) Here we go.
So what does this sound like?
(phone ringing)
Accept.
(phone ringing)
Accepting.
- [Operator] Hello, thank you for using
Google phone verification.
Remember, you should not share this code with anyone else.
And no one from Google will ever ask for this code.
Your code is
5-7-2
1-8-0.
Again your code is,
5-7-2
1-8-0.
Goodbye.
- Goodbye.
So that was automated, you see.
Not a human being.
I enter that in and then I'll be able
to access my Gmail account.
Alright.
So let's go inside.
I'll show you the other option
which I find more convenient which is to receive
this one-time token via an application
and we'll go inside, demo it,
show you how it works so you can set that up.
Let's do it.
In this part, we're going to turn on two-step authentication
on our Gmail account.
So what we're going to do is go to
myaccount.google.com.
I'm going to sign in to my Gmail account.
Now, I just want you guys to know as well
that I literally do not know what my passwords are
for any of my Gmail accounts.
They are far too long and far too complicated
for a human being to remember.
So, if you recall from my previous video,
I do use LastPass so it's my treasure chest.
I need to log in to that, yes.
So once I've logged in,
everything else will be opened up and available to me.
So, let's log in to LastPass.
LastPass is filling in my username.
LastPass is also filling in the password.
So that password does not come from the browser.
Let's be very clear on that.
It's not some sort of cached version or anything like that.
It's coming from LastPass so let's sign in.
On the My Account page, this is essentially what you get.
I want you to click on Signing in to Google.
Over here, we can see that two-step verification is off.
We're gonna click that arrow there.
You can read all the benefits about it.
Then you click get started.
By way of ensuring double security,
it's actually prompting you to sign in again.
So this is completely legitimate
and not a phishing scam.
Because sometimes if you remember, they're tryin'--
some of these scams ask you to log in again
so they can capture your username and password.
In this case, there's nothing phishy about this URL.
It's not redirecting anywhere else.
It's over a secure session and I know for a fact,
having done this many many times
that this is how Google ensures security.
So let's sign in.
So there are a couple of ways we can do this.
It knows my phone number from another entry I have.
I'm gonna select text message and you can choose phone call
in which case you'll get a literal phone call
from a computer and it will enunciate your password
or your special token.
So I'm gonna click text message and next
and let's see if I get an SMS.
Boom.
There it is.
Alright, so Google has sent me an SMS.
In that SMS, it's given me a six-character code
and I don't mind showing you this
because it's actually useless after I use it.
So there's no security repercussion
and all I'm doing here is confirming that this phone number
does actually belong to me.
I have the phone in my possession.
I can access the message, I can unlock the phone
and I can enter it and click next.
That way Google knows that I own this.
Now that you've turned it on and seen how it works,
turn on two-step verification for your account.
I wanna say, yeah baby, turn that on.
Done!
Now, just quickly, what I want to mention is
you can also setup an app on your phone.
So instead of getting an SMS, you can simply go into the app
and it will give you the extra code.
So every time you log in, you can do it that way.
Or for now, I'm very happy to receive an SMS with the code.
You can change it later on.
You can setup certain backups.
What I would probably recommend
is setting up this backup phone over here.
So God forbid you lose your phone temporarily
or you lose your number,
maybe upon or someone has a phone.
You can also add them in as a secondary.
Meaning you can switch to the secondary
if something does happen to your phone
and you can still access your account
so you don't get locked out.
So that's it guys.
You've actually done it.
So what I'm gonna do right now,
is close this window.
I'm just gonna clear my cache
and then I am going to log back into my Gmail.
And let's see if it's going to prompt me for anything else
over and above my username and password.
So I'm gonna go to mail.google.com.
I'm gonna put in my Gmail account.
Hot tip, don't tick this box.
It bypasses the security.
So, I'm gonna select my Gmail account,
we go next.
LastPass puts in the password.
Now, do not have this box ticked.
It does circumvent the security precaution that we're taking
because it lives, I think, for something like 30 days
on your computer which means
you do not have to enter this again.
So it can be convenient if you really really trust
people who access your computer
or if you think you have the most amazing
cybersecurity on earth.
Yeah, okay that's cool.
But otherwise, turn that off.
I highly highly recommend it.
So I just got an SMS as you may have heard.
I've got a code.
So I've put in my username and password
but it's still not enough.
Google is not happy.
It now demands this code which I've just received via phone.
Put in that code.
And what happens?
I'm in.
Done.
So that guys, is two-step verification.
Thank you for watching.
I hope you enjoyed it.
If you love what I do,
please like my videos.
Please subscribe to my channel.
Thanks again and I can't wait to see you guys
in the next episode.
Bye bye.