On January 18, 2017, the news broke that Google had been hit by yet another phishing attack. The attack, which we documented on our blog, was another in what seems like a constant stream of hacks made on Google. We wanted to understand why this would happen, so we contacted Xen Lategan, an angel tech investor and owner of Ophin Ventures, a London-based venture company, to learn more. Here’s our conversation:
Q: Why does Google seem to be hit so hard and often with phishing scams and cyber-attacks?
These attacks are not random; they are carefully designed and deployed with entrepreneurial intent. To gain maximum exposure, the attacks target the systems that are the most popular with consumers, e.g. Gmail. That said, I am very certain there is a raft of sophisticated attacks on other popular email systems, which either have not yet been discovered or are not as well publicised.
Q: What is your best advice to users who want to stay safe while using Gmail?
- Train yourself to be naturally suspicious. If something odd happens (like a PDF you clicked not opening immediately, or something that seems “too good to be true”) immediately investigate or ask a technical expert to check. If uncertain of the source, or if it is a hack, change your password immediately.
- Never re-use passwords. Use a password manager like LastPass.
- Most importantly, enable 2-Factor authentication on your Google account.
Q: Since so many phishing attempts now look "real", what is the easiest way to tell if it’s a phishing attack vs. a regular email?
It is getting increasingly hard to tell the difference between a normal email and something more nefarious. Again, be naturally suspicious of messages (even from people you know). Never enter a password on a screen without a "Security Lock" in the browser address toolbar, even if it looks just like Google. And again, enable 2-Factor authentication.
Q: Do you think phishing will increase or decrease in 2017 and why?
Definitely increase. Criminal activity evolves in sync with and as rapidly as consumer trends. We are increasingly moving our lives to being digital (i.e. smart homes, watches, etc.), meaning the opportunity for criminals to exploit that will continue.
The value of a digital identity to a criminal is also increasing, as it's becoming less about personal data theft and individual attacks and more towards being a viable weapon en masse (as recently alleged, online "stolen" identities could be used to influence trending news, or blackmail/hijack high-influence individuals for economic, business or political interference).
Q: What are your predictions for cyber security in 2017?
- Cybersecurity will remain an area of growing interest and investment as the sophistication and frequency of attacks intensify;
- Continued research will expose that many basic building blocks of the internet we thought were keeping us safe, e.g. encryption, have had flaws exploited by criminals for years (such as the Heartbleed problem with OpenSSL in 2014);
- Finally, I also expect that growing attempts by governments to try and create "backdoors" for citizen protection into major platforms like Facebook, Google, etc. will lead to new major security breaches as criminals use these as well.
About Xen Lategan
Xen Lategan is a Startup Mentor, Investor and Advisor based in London, Shoreditch. He holds various Non-Executive Director and advisory roles, while running his own venture company, Ophin Ltd. Prior to this, Xen was the Chief Technology Officer for News International, a subsidiary of NewsCorp. Xen also previously worked for Google, Microsoft and Accenture. Please follow him on Twitter @Xenophin