Cyber-criminals are always hungry for sensitive and private information such as login name and password. They can take advantage of the powerful search engine, Google by retrieving a filetype XLS with username/password of Gmail users.
Advanced Search Engine and Hackers
Google is one of the advanced search engines for expert surfers that hackers or cyber-criminals enjoy using, as well. With the help of advanced features of Google web search, exact information can be retrieved. Hackers who want to gain access to login credentials by Gmail users will simply use advanced search syntax to crawl a password.
An example is when they want to retrieve a Microsoft Excel or text files containing Gmail passwords and login names, they will need to use a search syntax that can retrieve the said information. Searching for keywords filetype xls username password Gmail hack will display results on how to get Gmail login credentials of other people. By using search syntax, "Login: *" "password =*" filetype: xls returns .xls files containing login names and passwords.
Preventing Gmail Account Hacks
The abusive actions by some people in using search engine are not new to Google or other search engine providers. They are doing their best to protect their customers but people should also help by protecting not only their user account in Gmail, but also the computer. A vulnerable computer allows malware to retrieving or recording what you type or store in your computer, such as passwords, credit card information and other sensitive data.
How to Protect Your Gmail Account
Protecting yourself from a filetype xls username password Gmail hack can be done easily. Simply follow below steps and you should be fine:
- Use antivirus and firewall protection in any networked-enabled device such as desktop, laptop and smartphones.
- Keep the computer and software up-to-date and avoid using unsupported operating systems.
Review the applications and websites that you allowed to retrieve Gmail messages. If their service or software is vulnerable or has been compromised, and your login information is stored in their software or server, your account can be hacked. Also, make sure that you always review which website are authorized to access your Google account data: Login to your Google account, click My Account and then click Authorizing applications and sites. Click revoke access link to disable the site to access your account data.
Review your Gmail Last Account Activity and immediately click Sign out all other sessions, if you found suspicious information e.g. IP address, location and access type. More info about Last Account Activity in Gmail in this article.
Take advantage of the account recovery options in Gmail, in case someone hacked your Google or Gmail account. Simply visit https://www.google.com/accounts and click Recovering your password. You can add another email address, your mobile phone number and secret question for recovery purpose. Make sure that no one other people have access to those accounts, but only you.
Use HTTPS protocol to access Gmail website. Login to Gmail account and then select Settings. Set Browser Connection to Always use https.
- Review the entire settings or options in Gmail. Make sure that your email goes where you want it to e.g. reply to settings, vacation responder, and forwarding and POP/IMAP settings.
- Always clean the computer by using privacy cleaner so that browsing history, cache and cookies are deleted and can’t be used by other users.
- Finally, never give or share your Gmail password to others. Watch out for emails that ask for your username or password. Google never ask for such information to users.
Image credit: Screenshot taken by the author.