Gmail phishing attack making the rounds, looks to be very effective at lookign legitimate

[Stocking Anarchy]

If I am reading this correctly it is an old phishing attack that is making the rounds. I haven't heard of it before and the pages it produces look very legitimate.

Some awesome info learned from the article was how to check if someone else has been accessing your gmail account.

If you use GMail, you can check your login activity to find out of someone else is signing into your account. Visit (you need an account to see links) for info. To use this feature, scroll to the bottom of your inbox and click “Details” (very small in the far lower right hand corner of the screen). This will show you all currently active sessions as well as your recent login history. If you see active logins from unknown sources, you can force close them. If you see any logins in your history from places you don’t know, you may have been hacked. [Thanks Ken, I pasted your comment in here almost verbatim. Very helpful.]

(you need an account to see links)

[Salivating Slorg]

Enabling 2-step verification protects against this since I get a text / email any time I log in from a new location.

[Aura]

Yeah, enabling 2FA is the most effective. It should be the standard for all sites now, good thing a lot of sites are implementing it.

[godofred]

Thankfully, a lot of sites are implementing it, but worryingly enough, a lot of major sites don't look like they have 2FA planned in the near future(Facebook, Twitter, Reddit, etc.)

[Aura]

Thankfully, a lot of sites are implementing it, but worryingly enough, a lot of major sites don't look like they have 2FA planned in the near future(Facebook, Twitter, Reddit, etc.)

Yeah, I really think Skype should get it as well. It's a huge target for people trying to crack into their accounts, so I don't know why they don't do it.

[godofred]

Yeah, I really think Skype should get it as well. It's a huge target for people trying to crack into their accounts, so I don't know why they don't do it.

I kinda understand it from an implementation perspective. It would cost more to actually implement 2FA(even if it's optional) than to just continue with what they're currently doing. "If it ain't broke, don't fix it" philosophy. Even with concerns about security, most big sites would rather put the burden of account security on the users instead of trying to make things safer through their own means.