Crafty Phishing Technique Can Trick Even Tech-Savvy Gmail Users

image: Adobe store


Gmail users in recent months are targeted by a complicated series of phishing attacks that use emails from a notable contact whose account has been compromised. The emails contain a picture of associate degree attachment that seems to be legitimate, per Wordfence.

The sophisticated attack displays "accounts.gmail.com" within the browser's location bar and leads users to what seems to be a legitimate Google sign-in page wherever they're prompted to provide their credentials, that then become compromised.

The technique works therefore well that a lot of seasoned technical users have fallen prey to the scam, noted Mark Maunder, chief operating officer of Wordfence. several have shared warnings on Facebook to alert family and friends, providing the technique has exploited otherwise trustworthy contacts therefore with success.

Google's Reply

Google has been tuned in to the difficulty a minimum of since time period, supported comments from Google Communications' Aaron Stein, that WordPress characterised as associate degree "official statement" from the corporate.

Google was continued to strengthen its defenses, Stein said, adding that it absolutely was exploitation machine learning-based detection of phishing messages, safe browsing warnings of dangerous links in emails, and taking steps to stop suspicious sign-ins.

Users might benefit of two-factor authentication to more defend their accounts, he prompt.

Wordfence last month noted that Google Chrome discharged fifty six.0.2924, that changes the behavior of the browser's location bar. The modification leads to the show of not secure messages once users see a knowledge address.

Google last month declared extra steps to shield G Suite customers against phishing, exploitation Security Key social control. The technique helps directors defend their workers exploitation solely security keys because the second issue.

Bluetooth low energy Security Key support, that works on robot and iOS mobile devices, is another user possibility.

Realistic read

Recent changes in Chrome and Firefox browsers have relieved a number of these kinds of attacks, ascertained Apostle Wheeler, director of threat intelligence at Proofpoint.

However, a spread of techniques area unit wont to target users, he acknowledged.

Attackers produce extraordinarily realistic landing pages, use Javascript to change and code pages and contents, and host documents directly on Google drive, he told TechNewsWorld.

They recently have used PDFs to create it seem that users already area unit logged onto Google Docs -- then users area unit prompted for a login after they move the mouse over the PDF.

Attacks like these area unit a kind of cat-and-mouse game within the sense that attackers can realize additional refined entry points as cyberdefense ways improve, noted Javvad leader, security associate at AlienVault.

"This shows the increasing maturity of cybercriminals," he told TechNewsWorld. "As they become additional organized and higher funded, primarily through the issue of crime, they'll invest time and resources into tweaking attack ways to become more practical."

Difficult Defense

Attacks like phishing and social engineering area unit among the foremost common ways of entry, per guided missile Elliott, director of security product management at Bomgar.

Attacks like these usually target privileged users with access to sensitive knowledge, he said.

"While firms area unit tuned in to this, providing security around these kinds of users while not limiting their ability to try and do their jobs effectively is tough," Elliott told TechNewsWorld.

Defining "privileged user" poses extra challenges for firms, even those with refined security protocols, he added.

Despite the challenges it poses, "like any phishing scam, this one features a restricted life," ascertained Mark Nunnikhoven, vp for cloud analysis at Trend small.

"Because it impacts a really specific audience, there is additionally a central purpose to stop this scam," he told TechNewsWorld.

Google seemingly can deploy image recognition and address filtering to stop this campaign from continued, Nunnikhoven aforementioned.

Google failed to answer our request to comment for this story.

Share this:

Post a Comment

 
Copyright © Tech news. Designed by Ali Arslan