Breaking News

Asia Today ISSN 1861-4604 Tuesday, August 22, 2017

Headline

Don’t click that: Gmail users across the world hit by sophisticated phishing attack with Google Docs link

Once the permissions are granted

Share on Facebook May 4, 2017, Reporter : Big News Network, Reader : 435

news

CALIFORNIA, U.S. - In a scam involving an age-old phishing trick - Gmail users across the world have been received a Google Docs link from someone they know. > BNN

The phishing attack that is spreading incredibly quickly asks a user for some permissions to their Gmail account, once they click on the link. 

Once the permissions are granted, which happens more often than not, the attack sends the same link, a spam, to all their contacts. 

People online pointed out that one thing common between all the spam ever sent since the attack began was the email address, hhhhhhhhhhhhhhhh@mailinator.com.

Experts are still trying to understand what the phishing accomplishes, however a Reddit post explaining the scam said, “The attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.”

Many users pointed out that in comparison to any simple email phishing scheme is that unlike others, this scam doesn’t take you to a fake Google page to collect your password. 

The latest attack seems to be working within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name.

Subsequently, Google is said to have disabled the application and it wasn’t, however, revealed how far the spam spread or if the attack might continue through another application.

Twitterati spread the word like wildfire, using the ‘shared a doc’ on Twitter, to keep friends and acquaintances from clicking on the fraudulent link. 

Matt Tait, a British security expert pointed out on Twitter, “This big phishing attack is clever; an OAUTH based attack. Tricks you into giving 'permission' to read your emails.”

Reports explained that 0Auth is a widely used credentialing standard that keeps you logged into accounts for a long period of time, and can also be used across accounts. 

Hackers often love stealing 0Auth tokens because they can be reused until the user completely logs out of an account on all devices.

Tait explained that the ongoing attack was very similar to a spear-phishing campaign last year carried out by APT28, aka Pawn Storm or Fancy Bear, and documented by the security firm TrendMicro in a recent report. 

However, if you’ve clicked on the link and granted those permissions, an easy way to revoke the permissions is to go to your Gmail account’s permissions settings and remove permissions for ‘Google Docs’ which is the name of the phishing scam. 

 

More Euro Asia news of the month

Photos Grim week at the White House concludes, but problems remain

WASHINGTON, U.S. - The week that ends today, is set to feature as one of the most controversial ones in the new president’s...

Photos Thousands gather for candlelight vigil in Charlottesville

VIRGINIA, U.S. - Following the death of 32-year-old Heather Heyer, who was killed in the violence that broke out at a rally organized by...

Photos Obama makes history on Twitter

CALIFORNIA, U.S. - Former U.S. President Barack Obama make history on Twitter, as his tweet in response to the Charlottesville violence...

Photos White nationalists march in Virginia, chant Nazi slogans

VIRGINIA, U.S. - Hundreds of white nationalists as part of various groups gathered under the banner of ‘Unite the Right’ and...

Photos Charlottesville and Trump: Hatred and violence grips America

VIRGINIA, U.S. - On Saturday, the violence that broke out in Charlottesville, Virginia as White Nationals staged a controversial march...

Photos War games: Trump tells North Korea U.S. is locked and loaded

WASHINGTON, U.S. - U.S. President Donald Trump responded to North Korea’s precise plan to rain missiles on Guam in mid-August with...

Photos Fearing nukes, Guam worries if Trump will do the right thing

WASHINGTON, U.S. - Caught between an intense war of words that could lead to action that is threatening to wipe out its existence,...

Photos Lowest ratings, lack of trust sum up Trump’s first 200 days

WASHINGTON, U.S. - In 200 days in office, Donald Trump has not only suffered low job approval ratings, but has also lost a large base of...

Photos Trump’s working vacation watched curiously by Americans

NEW JERSEY, U.S. - U.S. President Donald Trump’s 17-day getaway has become nothing short of a reality show for America that is...

Flying Reimagined

Stock Index

Tuesday, August 22, 2017

Life Style

Photo Gallery

FEUILLETON