Recent events have highlighted the growing sophistication of cybercriminals who exploit advanced technologies, such as large language models and AI-generated chat tools, to hack into email and social media accounts. Last week, a story about a security consultant nearly falling victim to a complex AI-driven hacking attempt on his Gmail account gained significant attention. In the latest development, researchers revealed a concerning number of malicious apps that infiltrated the official Google Play Store over the past year. Additionally, the U.K.’s Action Fraud team, a law enforcement initiative, has alerted users across all email and social media platforms about ongoing threats that have led to over 33,000 victims losing more than $1.8 million in total due to hacked accounts. Here’s what you need to know and the immediate steps you should take to safeguard your Gmail, Outlook, Facebook, and X accounts.
Action Fraud Urges Users to Enable Two-Factor Authentication
Action Fraud, the U.K.’s national reporting center for fraud and cybercrime, is a joint effort by the City of London Police and the National Fraud Intelligence Bureau. When this organization issues warnings, it’s essential to heed their advice, no matter where you are located globally. Although the reporting service specifically addresses cybercrime incidents in England, Wales, and Northern Ireland, the recommendations provided hold relevance for users worldwide.
A prime example of this urgency is the recent warning issued during Cybersecurity Awareness Month, urging users of all email and social media platforms to secure their accounts against hackers, scammers, and fraudsters. The reported statistics, including the number of victims and the financial losses, pertain to a single year, ending in August 2024, covering only attacks that were reported to Action Fraud in the aforementioned regions. However, these figures are significant enough, when considered globally, to warrant attention and action. Consequently, Action Fraud is using social media to encourage users to strengthen the security of their Gmail, Outlook, Facebook, and X accounts.
“Cyberattacks and hacking are carried out by faceless cybercriminals who target unsuspecting victims looking to take advantage of unprotected social media and email accounts,” stated Adam Mercer, deputy director of Action Fraud. He emphasized the importance of enabling two-step verification for added security: “If you have the option, enable 2-step verification to ensure you have twice the protection for all your accounts.” Although two-step verification, also known as two-factor authentication (2FA), cannot guarantee complete security, it significantly complicates the process for hackers and scammers attempting to access your accounts.
To activate 2FA, users should check the support pages of their respective email and social media platforms for detailed instructions.
Adopting Passkeys to Enhance Account Security
Since 2012, the Fast Identity Online (FIDO) Alliance has been working to forge partnerships to improve interoperability among various authentication technologies. Their ongoing efforts are beginning to make a noticeable impact on user account security. Recently, a new credential exchange protocol, developed by FIDO and partners such as Apple, Google, Microsoft, Samsung, and password management services like 1Password, Bitwarden, Dashlane, Enpass, NordPass, and Okta, has been published in a working specification format.
This new protocol aims to facilitate secure, end-to-end encrypted passkey transfers among different vendors. Passkeys provide an additional layer of security that surpasses traditional username and password combinations in terms of secure account login and user authentication. Essentially, passkeys combine the benefits of login credentials and two-factor authentication into a single, user-friendly, and more secure solution. According to a FIDO spokesperson, “Sign-ins with passkeys reduce phishing and eliminate credential reuse while making sign-ins up to 75% faster,” and are “20% more successful than passwords or passwords plus a second factor…”
Keep Your Google Chrome Browser Updated with Security Fixes
Recently reported attack campaigns utilizing the new ClickFix methodology employ social engineering tactics and fake Google Meet conference pages to bypass the security measures built into the Google Chrome web browser. While the standard defenses against social engineering attacks, such as enabling two-factor authentication on accounts, remain the most effective way to avoid falling victim to phishing scams, there is an additional straightforward protection measure: ensuring that your Google Chrome browser or any Chromium-based browsers are up to date. Cyber attackers often exploit web browser vulnerabilities to gain access needed to carry out their malicious activities. Therefore, it’s crucial to eliminate this potential security breach, a step that is both practical and easy to implement.
Google has confirmed the latest security patches for desktop versions of Chrome on Linux, Mac, and Windows, along with updates for the Android version used on smartphones. These updates address 17 vulnerabilities, 13 of which were identified and reported by external security researchers. While it is not essential to understand the specifics of these vulnerabilities, it is critical to know how to protect yourself from the repercussions of potential exploitation by malicious actors. Fortunately, ensuring your protection is simple, provided you follow all the necessary steps. However, it is essential to complete the final step of closing and restarting the browser; otherwise, you will not benefit from the latest security fixes.
To update your browser, navigate to the Help|About option in the Chrome menu. If an update is available, it will download automatically. Once the download completes, Chrome will prompt you with a relaunch button. Be sure to save and/or close all open tabs before clicking this button. Following this, Chrome will restart, and your browser will display the current, fully patched version for your operating system.
As cyber threats become more sophisticated, it’s imperative to stay vigilant and take proactive steps to secure your online accounts. Enabling two-factor authentication, adopting passkeys for added security, and keeping your browser updated with the latest security fixes are crucial measures to mitigate the risks posed by cybercriminals. By following these guidelines, you can significantly enhance the protection of your email and social media accounts against potential hacking and fraud attempts.
