Breaking News

Asia Today ISSN 1861-4604 Monday, October 23, 2017

Headline

Don’t click that: Gmail users across the world hit by sophisticated phishing attack with Google Docs link

Once the permissions are granted

Share on Facebook May 4, 2017, Reporter : Big News Network, Reader : 441

news

CALIFORNIA, U.S. - In a scam involving an age-old phishing trick - Gmail users across the world have been received a Google Docs link from someone they know. > BNN

The phishing attack that is spreading incredibly quickly asks a user for some permissions to their Gmail account, once they click on the link. 

Once the permissions are granted, which happens more often than not, the attack sends the same link, a spam, to all their contacts. 

People online pointed out that one thing common between all the spam ever sent since the attack began was the email address, hhhhhhhhhhhhhhhh@mailinator.com.

Experts are still trying to understand what the phishing accomplishes, however a Reddit post explaining the scam said, “The attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.”

Many users pointed out that in comparison to any simple email phishing scheme is that unlike others, this scam doesn’t take you to a fake Google page to collect your password. 

The latest attack seems to be working within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name.

Subsequently, Google is said to have disabled the application and it wasn’t, however, revealed how far the spam spread or if the attack might continue through another application.

Twitterati spread the word like wildfire, using the ‘shared a doc’ on Twitter, to keep friends and acquaintances from clicking on the fraudulent link. 

Matt Tait, a British security expert pointed out on Twitter, “This big phishing attack is clever; an OAUTH based attack. Tricks you into giving 'permission' to read your emails.”

Reports explained that 0Auth is a widely used credentialing standard that keeps you logged into accounts for a long period of time, and can also be used across accounts. 

Hackers often love stealing 0Auth tokens because they can be reused until the user completely logs out of an account on all devices.

Tait explained that the ongoing attack was very similar to a spear-phishing campaign last year carried out by APT28, aka Pawn Storm or Fancy Bear, and documented by the security firm TrendMicro in a recent report. 

However, if you’ve clicked on the link and granted those permissions, an easy way to revoke the permissions is to go to your Gmail account’s permissions settings and remove permissions for ‘Google Docs’ which is the name of the phishing scam. 

 

More Euro Asia news of the month

Photos Voters losing faith? Trump’s popularity hits rock bottom

WASHINGTON, U.S. - As Donald Trump’s controversy-ridden presidency continue to face more problems, the tumultuous week, in which...

Photos Taylor Swift drops ’Gorgeous’ new track

New Delhi [India], Oct 21 (ANI): After two singles, Taylor Swift has come out with a brand new third single, 'Gorgeous,' from...

Photos Trump claims biased media ignored Obama-Clinton Russia deal

WASHINGTON, U.S. - In yet another rant against the country’s media, U.S. President Donald Trump has slammed the ‘Fake...

Photos Federal judge blocks latest version of Trump’s travel ban

WASHINGTON, U.S. - Delivering another blow to U.S. President Donald Trump’s controversial travel ban, a federal judge on Tuesday...

Photos MeToo: Thousands Share Stories of Sexual Abuse

In the wake of sexual abuse allegations against Hollywood mogul Harvey Weinstein, tens of thousands of women are identifying themselves...

Photos General Assembly elects new members to UN Human Rights Council

16 October 2017 - The General Assembly today elected, by secret ballot, 15 States to serve on the Human Rights Council, the highest...

Photos Nigeria Tries 1,600 Boko Haram Suspects

DAKAR - The largest trial of Boko Haram suspects in the history of Nigeria's ongoing fight against the terrorist group is under way...

Photos Trump wants to shut down news firms that criticize him

WASHINGTON, U.S. - U.S. President Donald Trump landed himself in another controversy, suggesting on Wednesday that news organizations...

Photos Nobel Peace Prize Awarded to Anti-Nuclear Weapons Group

OSLO, NORWAY - The International Campaign to Abolish Nuclear Weapons (ICAN) won the Nobel Peace Prize on Friday, as the Norwegian Nobel...

Flying Reimagined

Stock Index

Monday, October 23, 2017

Life Style

Photo Gallery

FEUILLETON