Skip to main content

Massive Phishing Attack on Google Docs - Case Study

Rethink While Allowing Apps Accessing Your Google Account Now

Did you know that Google Docs recently encountered a major phishing attack on Tuesday, 2nd, May, 2017? This attack got spread like a wildfire, and was designed to steal the precious information from your mailbox.












The strategy of this attack was slightly advanced than other phishing attacks. Here, users get emails with a link, namely ‘Open in Docs’.







This phishing attack was designed by exploiting a renowned standard, namely ‘OAuth’, which is used to provide third party services or apps to connect with your Google account. Usually, this functionality is being utilized by numerous authentic websites to help users quickly connect with them. But, if we discuss this phishing attack, the moment users click this link, they are redirected to Google.com. It is one of the reasons that they could not sense that it is extremely harmful for their precious data. Being a user, you are also asked to provide your permission to an app to connect with your Google account. And, once the permission is granted, it sends the same email to your entire contact list. This is how this phishing attack reached to a maximum number of people worldwide. However, the name of this app is ‘Google app’, but it is not a Google based app. It is an illegitimate application, which has been given this name to cheat the users. Once you give accessibility permission to this app, it takes control of your mailbox management including data, emails, etc. If you research it a little bit more by clicking its link for detail, it is clearly mentioned that it is owned by someone with an email id, ‘eugene.pupov@gmail.com’.

However, Google is known to be one of the most secured platforms on the Internet, but to maintain the flawless security, constant IT security surveillance is mandatory. Well! IT industry has a nature of staying on wheels. It never remains static, as new challenges, innovations and solutions are the part of it. No matter how secure a software becomes, hackers never take their eye off from it, and keep finding ways to temper it. Not sure if anyone can ever change their negative thought process. But, we can surely boost the level of our security for a safer online experience. In order to get more information about this OAuth phishing, you can refer to Ars Technia, Quartz, the Verge, etc. Be it any business vertical, data plays a vital role everywhere, and no one can afford to lose it in today’s highly competitive world.

Google took a quick action on this incident and deactivated the app’s authentication token, which means it is not going to create nuisances in your digital world. But, for security viewpoint, you can access your Google Account Settings and remove this unethical app from there. Finally, it is always good to check the authenticity of applications that are asking for your personal or other account related details to stay safe online. Be aware to stay safe. You can always connect with mysslonline technical team to get any information related to IT security.     


Comments

Popular posts from this blog

WCRY Ransomware Attack 2017 –Validate If Your System is Safe Today

Breaches in IT security are spreading like wildfire all over the world. There is a new culprit found on May 12, 2017, which is known as WCRY ransomware, affected approximately 230,000 computers worldwide. It is known as WannaCrypt too.









Be it any business vertical, this nasty Internet offender did not restrict itself anywhere, and was designed to blow the whole IT industry. This massive cyber-attack holds the potential to encrypt data of any system within minutes and displays a message on the user’s screen, asking to pay $300 in Bitcoins for data retrieval. It quickly got spread via phishing emails and targeted unpatched applications/operating systems in the form of computer worm. In other words, it majorly targeted those machines that were using older operating systems. National Health Service of the UK, national petroleum of China, and factories of Renault situated in France were some of its victims that were affected adversely.
That’s not all! It also impacted the patient tracking…

ytred

Here you will get to know the benefits of installing an SSL certificate on your website. Besides securing your website, it does loads of things for your business. 

Installing an SSL certificate on your website is mandatory. Here you will get to know the benefits of installing an SSL certificate on your website. It will secure your website as well as increase its visibility on search engines.