Breaking News

Asia Today ISSN 1861-4604 Monday, June 26, 2017

Headline

Don’t click that: Gmail users across the world hit by sophisticated phishing attack with Google Docs link

Once the permissions are granted

Share on Facebook May 4, 2017, Reporter : Big News Network, Reader : 372

news

CALIFORNIA, U.S. - In a scam involving an age-old phishing trick - Gmail users across the world have been received a Google Docs link from someone they know. > BNN

The phishing attack that is spreading incredibly quickly asks a user for some permissions to their Gmail account, once they click on the link. 

Once the permissions are granted, which happens more often than not, the attack sends the same link, a spam, to all their contacts. 

People online pointed out that one thing common between all the spam ever sent since the attack began was the email address, hhhhhhhhhhhhhhhh@mailinator.com.

Experts are still trying to understand what the phishing accomplishes, however a Reddit post explaining the scam said, “The attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.”

Many users pointed out that in comparison to any simple email phishing scheme is that unlike others, this scam doesn’t take you to a fake Google page to collect your password. 

The latest attack seems to be working within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name.

Subsequently, Google is said to have disabled the application and it wasn’t, however, revealed how far the spam spread or if the attack might continue through another application.

Twitterati spread the word like wildfire, using the ‘shared a doc’ on Twitter, to keep friends and acquaintances from clicking on the fraudulent link. 

Matt Tait, a British security expert pointed out on Twitter, “This big phishing attack is clever; an OAUTH based attack. Tricks you into giving 'permission' to read your emails.”

Reports explained that 0Auth is a widely used credentialing standard that keeps you logged into accounts for a long period of time, and can also be used across accounts. 

Hackers often love stealing 0Auth tokens because they can be reused until the user completely logs out of an account on all devices.

Tait explained that the ongoing attack was very similar to a spear-phishing campaign last year carried out by APT28, aka Pawn Storm or Fancy Bear, and documented by the security firm TrendMicro in a recent report. 

However, if you’ve clicked on the link and granted those permissions, an easy way to revoke the permissions is to go to your Gmail account’s permissions settings and remove permissions for ‘Google Docs’ which is the name of the phishing scam. 

 

More Euro Asia news of the month

Photos As holy month of Ramadan ends, Muslims across the world celebrate Eid-al-Fitr with prayers for peace

RIYADH, Saudi Arabia - Muslims around the world marked the end of the holy month of Ramadan on Saturday and started the festival of...

Photos Senate healthcare bill is threatening to expose the rift between Republicans and their leader

WASHINGTON, U.S. - The Senate GOP version of the healthcare bill is facing a strong and significant obstacle from a small group of...

Photos Why America is really, REALLY worried about North Korea’s latest rocket engine test?

WASHINGTON, U.S. - United States officials have confirmed that North Korea conducted its latest rocket engine test - which became the...

Photos Is he or isn’t he? Drama over whether Donald Trump is subject of an FBI probe grips the country

WASHINGTON, U.S. - The Russia probe has swept over the White House and has dissolved all other talk and now, days after U.S. President...

Photos How Donald Trump became richer by tens of millions of dollars as the President of America

WASHINGTON, U.S. - In an unprecedented move, Donald Trump revealed that he’s getting rich as President of the United Stated.>...

Photos Someone just paid over $3.45 million for a private lunch with the world’s most successful investor

CALIFORNIA, U.S. - For the 18th year in a row, billionaire Warren Buffett hosted his annual charity auction and the highest bidder spent...

Photos Trump’s downfall was mapped NOT by his opposers, but his very own son

WASHINGTON, U.S. - While the Trump administration including the President himself, have been denying the damaging accusations made by...

Photos In meeting with Merkel, Mexican President urges for strong defense of values that the U.S. President has fractured with his recent moves

MEXICO CITY, Mexico - Free trade, democracy and environmental protections are issues that have got both Mexico and Germany worried.>...

Photos Senate Minority willing to take Trump up on his offer

WASHINGTON, U.S. - A day after Donald Trump declared that former FBI Director James Comey had lied under oath during his scathing...

Flying Reimagined

Stock Index

Monday, June 26, 2017

Life Style

Photo Gallery

FEUILLETON