![]() Google also quickly updated Safe Browsing and Gmail with warnings about the phishing emails and attempts to steal personal information. Many of those domains were taken down within 15 minutes of the first reports. The Twitter account has been taken down, and a message to the Gmail account from Threatpost bounced back.īojan Zdrnja, a handler with the SANS Internet Storm Center, identified a number of spam domains involved, all with different TLDs for googledocsg-docsxxxx or googledocsdocscloudxxxx. A Twitter account profile bearing that same Gmail address said Pupov was a Coventry (U.K.) student and tweets from the account yesterday claimed the emails were not a phishing attack, but a graduate final project. Also, the developer information associated with the Google Docs malicious app was linked to a Gmail address connected to a Eugene Pupov. While the ruse was convincing in its simplicity, there were a number of red flags, including the fact that a Google service was asking for access to Gmail, and that the “To” address field was to an odd Mailinator account. OAUTH is a standard that allows the user to authorize account access to third-party applications through the exchange of an authorization token behind the scenes, rather then requiring a password from the user. The messages claimed that someone wanted to share a Google Doc with the victim, and once the “Open in Docs” button in the email is clicked, the victim is redirected to a legitimate Google OAUTH consent screen where the attacker’s application, called “Google Docs” asks for access to victim’s Gmail and contacts through Google’s OAUTH2 service implementation. Many of the phishing messages came from contacts known to victims since part of the attack includes gaining access to contact lists. The messages were a convincing mix of social engineering and abuse of users’ trust in the convenience of mechanisms that share account access with third parties. There’s no further action users need to take regarding this event.” “While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. “We were able to stop the campaign within approximately one hour,” a Google spokesperson said in a statement. Other security measures were pushed out in updates to Gmail, Safe Browsing and other in-house systems. Google took measures to protect its users by disabling offending accounts, and removing phony pages and malicious applications involved in the attacks. ![]() In a statement, Google said that fewer than 0.1 percent of Gmail users were affected as of last February, Google said it had one billion active Gmail users. Or quite possibly being without your computer while your computer technician cleans up the mess.Google said that up to 1 million Gmail users were victimized by yesterday’s Google Docs phishing scam that spread quickly for a short period of time. ![]() Just imagine how long it will take to sit down and change all your passwords as well as other personal information later. It will cost less to pay attention now than it will later. Take a few extra minutes to login normally. We all understand how important business is. By doing this it will not ask to give permission to third parties like the scam is doing. The other ways to combat this is to not click any links in the Google Docs shared email. Are there typos in any part of the document? You have to ask yourself am I expecting a document from someone? Or check to see who it’s addressed to. For instance, in the case of the current Google Docs scam. As users we have to be more vigilant and question more often. We have always chased the “Robbers” as that’s the name of the game. While the hackers and the scam artists are the “Robbers”. You and the security firms like Kaspersky and Sophos are the “Cops”. Think of it like the good old game we played as kids “Cops and Robbers”. Hackers and scam artists are always steps ahead, which will never change. Phishing scams are getting worse and looking more legitimate with each day that passes. This is nothing new and this exact type of Google Docs scam has been done before. ![]() I keep tripping over this Google Docs phishing scam. Last night I was reading news from many different sources. ![]()
0 Comments
Leave a Reply. |