Phishing attack against Gmail

Phishing attack against Gmail

Even big companies can have problem with Phishing attack

Not even one of the world’s largest online companies is safe from scams. Earlier this week, an advanced phishing attack against users of Google email service, Gmail.

By utilising the OAuth protocol, hackers have been able to create fake Google Docs documents to access users account information.

OAuth is an open standard for authorization, commonly used as a way for Internet users to authorize websites or applications to access their information on other websites but without giving them the passwords.

Source Wikipedia

The phishing email came from the email service Mailinator, which offers free email services. They have denied all involvement in the attack, and are not suspect at this time.

The hacks were using the OAuth protocol. The same protocol that also Google, Twitter, Facebook use when it comes to connecting any third party applications. OAuth do not pass by any password information. Instead, it uses so-called tokens to provide account information.

The attackers seem to have managed to build a real third-party app that looks like an actual Google processes.

With this method, not even users with two-factor authentication are safe.

Phishing attack against Gmail was quick resolved.

When Google became aware of the Phishing attack, the company acted quickly. And in three hours Google have stopped them.

According to reports from Google, they said that the emails were very well-formulated.

Google removed the fake pages and sent updates through Safe Browsing.

The security team of Google has also said that they now are working on a solution to stop Phishing attack against Gmail, and all other services from the company.

Are you one of the affected users?

Google security team recommend affected users to review which third-party applications that have access to their accounts and remove those who raise suspicions.

And of course change the password on all your Google services. But as I always have said, There are only one thing that are 100 percent secure, be careful and never ever click on something that you not are 100 percent sure about