Breaking News

Asia Today ISSN 1861-4604 Wednesday, May 24, 2017

Headline

Don’t click that: Gmail users across the world hit by sophisticated phishing attack with Google Docs link

Once the permissions are granted

Share on Facebook May 4, 2017, Reporter : Big News Network, Reader : 367

news

CALIFORNIA, U.S. - In a scam involving an age-old phishing trick - Gmail users across the world have been received a Google Docs link from someone they know. > BNN

The phishing attack that is spreading incredibly quickly asks a user for some permissions to their Gmail account, once they click on the link. 

Once the permissions are granted, which happens more often than not, the attack sends the same link, a spam, to all their contacts. 

People online pointed out that one thing common between all the spam ever sent since the attack began was the email address, hhhhhhhhhhhhhhhh@mailinator.com.

Experts are still trying to understand what the phishing accomplishes, however a Reddit post explaining the scam said, “The attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.”

Many users pointed out that in comparison to any simple email phishing scheme is that unlike others, this scam doesn’t take you to a fake Google page to collect your password. 

The latest attack seems to be working within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name.

Subsequently, Google is said to have disabled the application and it wasn’t, however, revealed how far the spam spread or if the attack might continue through another application.

Twitterati spread the word like wildfire, using the ‘shared a doc’ on Twitter, to keep friends and acquaintances from clicking on the fraudulent link. 

Matt Tait, a British security expert pointed out on Twitter, “This big phishing attack is clever; an OAUTH based attack. Tricks you into giving 'permission' to read your emails.”

Reports explained that 0Auth is a widely used credentialing standard that keeps you logged into accounts for a long period of time, and can also be used across accounts. 

Hackers often love stealing 0Auth tokens because they can be reused until the user completely logs out of an account on all devices.

Tait explained that the ongoing attack was very similar to a spear-phishing campaign last year carried out by APT28, aka Pawn Storm or Fancy Bear, and documented by the security firm TrendMicro in a recent report. 

However, if you’ve clicked on the link and granted those permissions, an easy way to revoke the permissions is to go to your Gmail account’s permissions settings and remove permissions for ‘Google Docs’ which is the name of the phishing scam. 

 

More Euro Asia news of the month

Photos What does Trump's son-in-law Jared Kushner know, that America doesn't? Will the FBI untangle the Russia mystery?

WASHINGTON, U.S. - Days after former FBI Director Robert Mueller was appointed as the special counsel to head the investigation into the...

Photos Following U.S. arms deal, now Boeing confirms signing several defense and commercial deals with Saudi

RIYADH, Saudi Arabia - As U.S. President Donald Trump made his first foreign trip since taking power, he headed to Saudi Arabia, in...

Photos With a heavy baggage of anti-Muslim rhetoric, Trump tells Arab allies in desert Kingdom to ‘honestly confront Islamist extremism’

  RIYADH, Saudi Arabia - Hoping to secure a victory overseas, after being burdened by the constant controversies gripping his...

Photos What Facebook really thinks of posts on hate speech, terrorism, pornography, self-harm revealed in shocking policy leaks

CALIFORNIA, U.S. - A shocking set of leaks reported by The Guardian have revealed how Facebook Inc moderates issues such as hate speech,...

Photos Trump’s impeachment might be a distant possibility

WASHINGTON, U.S. - Following a turbulent week at the White House, now reports claim that White House lawyers are preparing for the...

Photos Trump’s arms deal worth $110 billion with Saudi Arabia

RIYADH, Saudi Arabia - During his first foreign trip after taking office, U.S. President Donald Trump signed a $110 billion arms deal...

Photos What Trump believes investigators will find at the end of ‘single greatest witch hunt’ in U.S. history: Nothing!

WASHINGTON, U.S. - Commenting on the federal probe into Russia’s role in the 2016 U.S. Presidential election, Donald Trump has...

Photos As exasperation with Trump’s scandalous actions grows within his own party

WASHINGTON, U.S. - Following two weeks of outrageous actions, U.S. President Donald Trump now finds himself in a place where not many...

Photos A day after firing the man probing the Trump-Russia connection

WASHINGTON, U.S. - More shocking leaks continue to pour out of Trump’s oval office - that has become the epicenter of controversy...

Flying Reimagined

Stock Index

Wednesday, May 24, 2017

Life Style

Photo Gallery

FEUILLETON