(OT) Google: "Somebody knows your password"

Xen list at xenhideout.nl
Fri Aug 4 07:49:56 UTC 2017


Joel Rees wrote on 04-08-2017 8:05:

> Or, if you are not using plaintext, the displayed URL can be different 
> from the actual link.

What Joel means is that HTML emails can hide the actual URL you are 
visiting and show you something else.

The DNS poisoning thing would require for example a (Windows) computer 
to be compromised and the "hosts" file to include an entry for 
google.com or whatever, causing lookups for that domain to go there. 
Unlikely perhaps. Same could happen on Linux but even more unlikely at 
this stage.

With regard to SSL/TLS certificates... if there is a phishing attack and 
the browser thinks it is going to https://account.google.com/ or 
whatever, then the browser will request the certificate from the server. 
It will then verify that the certificate contains the URL you just 
visited, and that it can validate the certificate according to a root 
certificate present in its own (local) database.

So typically it should not be possible that anyone can impersonate that 
website, unless of course the computer was also compromised, and a 
validating certificate was added by the hacker to the root certificate 
store of your browser (or computer).

So if there is actually malware on the computer then both could and 
would be possible and you could indeed go to https://account.google.com 
or whatever and not know you were being misled.

If there is not any malware on the computer, then it should not ever be 
possible.

I assume this isn't the case, so the only possibility would be that the 
link you click on is different from what the browser shows you.

But I would indeed follow Joel's advice if I were you.

> Use a different device, preferably on a network you trust, go directly 
> to Google by typing the address in the browser URL field. Change your 
> passwords again, to something completely different.




More information about the ubuntu-users mailing list