Don’t let your curiosity get the better of you. A new scam appears to be an email from Google, informing you that someone has shared a photo album with you. But it’s really a phishing scheme that’s after your password.
How the Scam Works
You get an email or text message that appears to come from Google Photo. Someone is sharing an album of photos with you. To view the photos, you just need to click the link. The message looks so real! It may use a convincing URL, which has been created by Google’s goo.gl URL shortener to appear to be an official Google domain name. The message also seems to come from the email email@example.com.
The catch? There is no photo album. It’s a phishing con. When you click the “View Photo” link, it will open in your web browser and prompt you to log into your Google account. If you enter your information, you are giving scammers your username and password. Con artists can now access your email account as well as any other accounts that use the same login information.
How to Protect Yourself from Phishing
Follow these tips to protect yourself from this and other online phishing scams.
- Never click on links in unsolicited messages. Phishing scams direct you to websites that look official, but these sites may be infected with malware. If you don’t know and trust the person who sent you the message, don’t click on any links.
- Be careful with shortened links. Con artists often use link shorteners, such as Bit.ly or Goo.gl, to disguise scam links. Be extra cautious when following one of these links because you can’t tell where it leads.
- If it seems strange, it may be a scam. Be wary of any message that comes from a friend but seems out of character. (For example, an old work acquaintance who contacts you out of the blue.) It may have originated from their account, but they could be victims, too.
- Don’t fall for “urgent” scams. Scammers like to cause alarm to create urgency. You might get a message that indicates you’re in a compromising video, your password is being reset, your account is in danger of deactivation, or some other dire situation that needs immediate attention. If it seems unlikely, watch out.
For more information:
Read more about common phishing scams and how to avoid them at BBB.org/PhishingScam.
If you’ve been a victim of this or another phishing scam, be sure to report it at BBB.org/ScamTracker. Your report can help others to spot a scam before it’s too late.