~ Welcome back dear readers. As in my last article i discussed about how the tech gaints had became victim of phishing websites. Today we will discuss about how Google had toughen OAuth rules in order to block the phishing attempts by the hackers sending fake documents in the mail box.
~ Since almost last month, many users were getting emails which contains a fake or bogus Google Docs link. As soon thee user taps the link, he/she was redirected to a page where they were ask some of the permissions to go to thee Google Docs. This, yet wasn't the real Google Docs, but it the fake one which will get the permission to access the user's account. According to the reports, as soon as the Google get the first news or report of such fraudulent activity happened with it's users, it solved the problem within an hour. But before it, many of its users had clicked on the fake link. But it is the fortune of the users that removing the permission is easy for account holder.
~ The fake app used Google's own OAuth operation to request access to the Gmail accounts of targeted users. Once the user gives the permission by clicking on the bogus link, it sent the same phishing email to the victim's contact back again. According to the past reports and the history of cyber crime, this is not the first time that this technique is used to gain access to the victim's account. In fact, the hackers group which is responsible for the US and French election hacks, the Fancy Bears group (hackers group). This group had used the same technique to get the access on it.
~ Despite some of these major things happened, due to the cracks, Google itself have some system to encounter this type of phishing attacks. Well known systems are likely known as the Safe Browsing system, machine-learning spam detection, as well as anti-virus scans. Google yet will now update its policies and enforcement on the OAuth apps. The director of the Google's Abuse Technology, Mark Risher gave the statement " We are taking multiple steps to combat this type of attack in the future, including updating our policies and enforcement on OAuth applications, updating our anti-spam system to help prevent campaigns like this one,and augmenting monitoring of suspicious third-party apps that request information from our users." As per the answers given by the Risher, less than 0.1% users are affected of this phishing attack.
Follows us here for more interesting articles:-
Facebook: CLICK HERE!!!!!!!!!!
Twitter: @NewAgeInformers
Instagram: @new_age_informers
Youtube: CLICK HERE!!!!
Comments
Post a Comment