"People should look out for unexpected emails or emails from people they haven't talked to in a while. If you're ever blind carbon copied, or bcc'd, that's usually a red flag."
An ounce of prevention is worth a pound of cure — or in this case, the headache of having an email account taken over.
Google has confirmed many of its users were targeted by a sophisticated phishing scam Wednesday. About 1 million Gmail users — less than 0.1 percent of total users worldwide — received an email supposedly from a friend with an invitation to view an attached "Google Doc," or document hosted through Google's services.
Those who clicked the link were redirected to a real Google security page to enter their credentials — but instead of gaining access to a document, users gave a malicious application permission to access their accounts and contact list.
"This isn't necessarily a new scam," said Russel Kahle, director of technology for the McPherson School District. "People should look out for unexpected emails or emails from people they haven't talked to in a while. If you're ever blind carbon copied, or bcc'd, that's usually a red flag."
Poor spelling and grammar are also warnings that an email is not from a legitimate source. If it looks fake, Kahle advises caution and verification.
"Make a new email to ask the person if they meant to send it to you," Kahle said. "Don't just hit reply — that will go to the scammer."
Another way to check an email's authenticity is to simply look at the email address — not the contact name — to see if it matches. If it doesn't, it's probably a scam.
Those who have already fallen for the scam should contact an appropriate technical support group, and if the affected email or computer is connected to a network, contact the network supervisors.
In addition, users should take precautions to ensure they don't fall victim in the first place.
"The biggest thing to do in change your passwords, especially if you use the same one for multiple accounts," Kahle said. "Hackers might use your password to get into other places, which just makes everything that much worse."
Make sure passwords are difficult to crack, as well. The Better Business Bureau recommends using passphrases, rather than passwords, to safeguard accounts. While passwords are usually a single word, passphrases combine multiple words that are much harder to guess.
"You could have something like 'pumpkin water slide glucose,'" Kahle said.
Other strategies include replacing letters with numbers or symbols — '3' in place of 'e,' for example — and using different passwords for different accounts. Be sure to store passwords in a secure place away from the devices they unlock. The Better Business Bureau also recommends changing passwords every four to six months.
"Another thing you can use is two-factor authentication," Kahle said. "It adds another step to the login process, such as scanning a fingerprint or typing in a PIN. It can be annoying, but it keeps your data safe."
Kahle also recommends keeping backups of important files in case data is compromised.
To find out how to add two-step verification to an account, or other security tips, visit www.lockdownyourlogin.org.