Privacy Blog

“Friends don’t let friends get spied on.” – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

This Gmail Phishing Attack Is Fooling Even Savvy Users

If you use Gmail, read this:

Categories: Scams

5 replies

  1. If you had been hacked this could be a perfect phishing attack itself!

    link de-shortens to
    but it seems to require you to switch off any non-vanilla browser extensions to access it – which I am not inclined to do on something that is almost clickbait!


    • —> it seems to require you to switch off any non-vanilla browser extensions to access it – which I am not inclined to do…

      There is an easy way to avoid “switch off any non-vanilla browser extensions to access it.” At least, it works in Chrome. I suspect it works in other browsers although I haven’t tested it in every browser.

      When the obnoxious pop-up appears advising you to turn off the browser extension:

      1. Copy the URL by clicking on it in your browser and copying it.

      2. In your browser, open a “New Incognito Window.”

      3. Paste the URL into the new incognito window.

      4. Press ENTER and read the web page with no impediments.


  2. Thanks for the heads up. But the Forbes article did little beyond scaring the pants off me. This is much clearer to the lay person:

    I have to communicate this information to my even less computer adept spouse and friends. I just asked my husband if he knew the little picture of a picture at the bottom of an e-mail is called a thumbnail. Nope. He’s a CPA who passed his exam the first time around, but he’s not a computer person. I only know it’s a thumbnail from my experience with printing, had to think about it when I read the Forbes article.

    Now I’m wondering what browser extensions have to do with this. And what is a non-vanilla extension?

    I really don’t want to turn on two-factor authentication because I live overseas and probably won’t have the same phone number (or any, as I rely on Skype) when I travel. I’d hate to be stuck with no way to log into my G-mail because I can’t receive a text.

    I often send photo and .pdf attachments to my sweetie or receive them from friends. If I write to said friend separately and ask “Did you send me a picture/.pdf?” and they say yes, does that mean it’s safe to open that attachment? I’m more concerned about .pdfs which are often business related.

    Is it likely G-mail will be able to somehow fix this problem? They have awesome spam filters which is why I use their service.

    Thank you for the heads up on this and for both your newsletters.


    • I was the person who referred to “non-vanilla”, so I had better explain.

      I first met the phrase when trying to implement some manufacturing software. The company wanted all sorts of changes to make the software fit the way they worked rather than slightly amend their ways of working to fit the way established proven software worked.

      We were warned that not implementing the software “vanilla” (as supplied) would lead to problems – and we found that our enhancements (sort of “raspberry ripple”?) led to all sorts of problems – let’s say the red was not raspberry!

      So take the browser as downloaded and you have it “vanilla”. Addins etc. (especially those not made by the browser developer) represent turning the software into raspberry ripple and can lead to problems with some pages not wanting to work (mainly because they want to ensure that they can run javascript code on your computer, run flash and java, display adverts and leave tracking cookies etc.). Most such extensions (especially those downloaded from the “official” addin source) are well behaved and enhance your privacy and security – it’s the web pages that sulk and refuse to display properly!

      The systems manager where I used to work (1980s) said
      “there are three ways to lose money:
      1) On the horses – the quickest
      2) On women (note 1980s) – the most enjoyable
      3) Software enhancements – the most certain!”

      Thanks for the alternative link (and the wordforce link within it)!


      • Thank you so much for this explanation. I can tell you from my experience as a writer that raspberry ripple is popular in any number of industries. People just love to fix what ain’t broken. I have taken add ons off my browser because they either added nothing (so why have them) or seemed to impair performance.

        I’m not much of a techie so I have to have things explained to me in excruciatingly simple terms. But I do try to keep up with things, which means I often flounder in my understanding of what I’m reading.

        I like the vanilla-raspberry ripple explanation. Sadly, I was never any good at causing anyone to lose money on me, in the 80’s or any other time. I do come from a family of steeplechasers who won enough money racing and betting on one of their horses to feed their tenants in western Ireland. They lost 12,000 acres to the famine, but not one single tenant. Too early for software, though. I’m sure we could have lost money on that.

        Thanks for the detailed explanation. I’ve done some more research and will be explaining it to my sweetie tomorrow.

