Rethink While Allowing Apps Accessing Your Google Account Now
Did you know that Google Docs
recently encountered a major phishing attack on Tuesday, 2nd, May,
2017? This attack got spread like a wildfire, and was designed to steal the
precious information from your mailbox.
The strategy of this attack was slightly advanced than other phishing attacks. Here, users get emails with a link, namely ‘Open in Docs’.
The strategy of this attack was slightly advanced than other phishing attacks. Here, users get emails with a link, namely ‘Open in Docs’.
This phishing attack was designed by exploiting a renowned standard, namely ‘OAuth’, which is used to provide third party services or apps to connect with your Google account. Usually, this functionality is being utilized by numerous authentic websites to help users quickly connect with them. But, if we discuss this phishing attack, the moment users click this link, they are redirected to Google.com. It is one of the reasons that they could not sense that it is extremely harmful for their precious data. Being a user, you are also asked to provide your permission to an app to connect with your Google account. And, once the permission is granted, it sends the same email to your entire contact list. This is how this phishing attack reached to a maximum number of people worldwide. However, the name of this app is ‘Google app’, but it is not a Google based app. It is an illegitimate application, which has been given this name to cheat the users. Once you give accessibility permission to this app, it takes control of your mailbox management including data, emails, etc. If you research it a little bit more by clicking its link for detail, it is clearly mentioned that it is owned by someone with an email id, ‘eugene.pupov@gmail.com’.
However, Google is known to be
one of the most secured platforms on the Internet, but to maintain the flawless
security, constant IT security surveillance is mandatory. Well! IT industry has
a nature of staying on wheels. It never remains static, as new challenges,
innovations and solutions are the part of it. No matter how secure a software
becomes, hackers never take their eye off from it, and keep finding ways to
temper it. Not sure if anyone can ever change their negative thought process.
But, we can surely boost the level of our security for a safer online
experience. In order to get more information about this OAuth phishing, you can
refer to Ars
Technia, Quartz, the Verge,
etc. Be it any business vertical, data plays a vital role everywhere, and no
one can afford to lose it in today’s highly competitive world.
Google took a quick action on
this incident and deactivated the app’s authentication token, which means it is
not going to create nuisances in your digital world. But, for security viewpoint,
you can access your Google
Account Settings and remove this unethical app from there. Finally, it is
always good to check the authenticity of applications that are asking for your
personal or other account related details to stay safe online. Be aware to stay
safe. You can always connect with mysslonline
technical team to get any information related to IT security.
No comments:
Post a Comment