Gmail Accounts Compromised By Chinese--Again; Should Advisors Trust Google? Hot
The phishing attacks announced Wednesday on Google's blog aren't believed to be tied to a hack attack originating from China in late 2009 and early 2010.
That intrusion targeted the Google's security systems and led Google to exit business operations in China.
A phishing attack is not a direct assault on Google's security. It requires Gmail users to get fooled into giving away their credentials.
In that sense, today's phishing attack revelation is not as bad as the hacking of Google in 2009. But the phishing attack disclosed today underscores the risk-reward tradeoff Google users must face.
Because Google is so easy to use, it is so widely-used. But because it is so widely used, it is a big, attractive target. It is subjected to more threats and schemes by hackers and phishers than small mail systems where the payoff in stealing identities, passwords, credit cards, and other personal data is not as big.
For advisors, using Gmail is fine for passing unimportant information that you're not worried about being compromised. But I don't know that it is wise to use Gmail for private information--client data and sensitive information.
So advisors using Gmail to route newsletter subscriptions and other information not related to business may be just fine. The trouble is when you are in a rush or make a mistake and use the Google account to communicate with a client or vendor. It's easy to suddenly have confidential information going through the Gmail account even when you intended to keep that account segregated. So you just need to be cautious to be sure you don't fall into that trap.
Google is a great company and has great security systems for reducing its risk of being compromised, and these measures are discussed in its blog post today.
Phishing is caused by user error and not Google's security, however, and even Google's sophisticated systems for detecting phishing attacks were not enough to protect the accounts most recently hijacked--and these were accounts by people who had reason to be paranoid about security.
As great as Google is, I'm keeping my personal data off it. do you think I am paranoid? Or do you trust Google with your personal data and information about your business?