Breaking News

Asia Today ISSN 1861-4604 Saturday, December 16, 2017

Headline

Don’t click that: Gmail users across the world hit by sophisticated phishing attack with Google Docs link

Once the permissions are granted

Share on Facebook May 4, 2017, Reporter : Big News Network, Reader : 397

news

CALIFORNIA, U.S. - In a scam involving an age-old phishing trick - Gmail users across the world have been received a Google Docs link from someone they know. > BNN

The phishing attack that is spreading incredibly quickly asks a user for some permissions to their Gmail account, once they click on the link. 

Once the permissions are granted, which happens more often than not, the attack sends the same link, a spam, to all their contacts. 

People online pointed out that one thing common between all the spam ever sent since the attack began was the email address, hhhhhhhhhhhhhhhh@mailinator.com.

Experts are still trying to understand what the phishing accomplishes, however a Reddit post explaining the scam said, “The attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.”

Many users pointed out that in comparison to any simple email phishing scheme is that unlike others, this scam doesn’t take you to a fake Google page to collect your password. 

The latest attack seems to be working within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name.

Subsequently, Google is said to have disabled the application and it wasn’t, however, revealed how far the spam spread or if the attack might continue through another application.

Twitterati spread the word like wildfire, using the ‘shared a doc’ on Twitter, to keep friends and acquaintances from clicking on the fraudulent link. 

Matt Tait, a British security expert pointed out on Twitter, “This big phishing attack is clever; an OAUTH based attack. Tricks you into giving 'permission' to read your emails.”

Reports explained that 0Auth is a widely used credentialing standard that keeps you logged into accounts for a long period of time, and can also be used across accounts. 

Hackers often love stealing 0Auth tokens because they can be reused until the user completely logs out of an account on all devices.

Tait explained that the ongoing attack was very similar to a spear-phishing campaign last year carried out by APT28, aka Pawn Storm or Fancy Bear, and documented by the security firm TrendMicro in a recent report. 

However, if you’ve clicked on the link and granted those permissions, an easy way to revoke the permissions is to go to your Gmail account’s permissions settings and remove permissions for ‘Google Docs’ which is the name of the phishing scam. 

 

More Euro Asia news of the month

Photos World leaders, sans Trump vow to do more on climate change

PARIS, France - In a bid to do more in the battle against climate change, dozens of world leaders gathered at a summit in Paris on...

Photos Senator urges Trump to resign, faces Presidential bullying

WASHINGTON, U.S. - In a bid to get back at Kirsten Gillibrand, the Democratic senator for New York, who called on Trump to resign over...

Photos Why did Trump’s most vocal black supporter suddenly quit?

WASHINGTON, U.S. - While the White House claims that Omarosa Manigault Newman, one of  U.S. President Donald Trump's most vocal...

Photos As accusers repeat past horrors, Trump faces calls to resign

WASHINGTON, U.S. - Some spoke about their past horrors when the man contesting to be America’s next president suddenly seemed like...

Photos Explosion rattles NYC’s busiest transit hub, suspect nabbed

NEW YORK, U.S. - An explosion rattled one of the busiest transit hubs in New York City on Monday morning, forcing authorities to...

Photos A stain on America? Trump spars with the ‘fake news media’

WASHINGTON, U.S. - U.S. President Donald Trump locked horns with a Washington Post reporter over what he called ‘fake news’...

Photos Trump urges calm as violence grips Middle East on Jerusalem

WASHINGTON, U.S. - Following U.S. President Donald Trump’s decision declaring Jerusalem as Israel’s capital, violent clashes...

Photos Trump's battle plans against enemies feature a 'spy network'

WASHINGTON, U.S. - A conspiracy theory or an actual body that is working non-stop to undermine the Trump presidency? Whatever it might...

Photos World leaders warn Trump may have doomed Arab peace process

WASHINGTON, U.S. - After the U.S. President Donald Trump announced that the U.S. will recognize Jerusalem as Israel’s capital,...

Flying Reimagined

Stock Index

Saturday, December 16, 2017

Life Style

Photo Gallery

FEUILLETON