On Wednesday, May 3rd, Google and Gmail users experienced a wide, sophisticated phishing attack. It came from a phony app that called itself “Google Docs.” During this incident, approximately 1 million Gmail users received an email asking them to open a Google Doc. If the link was clicked, the user was taken to a page to open the document with their Google account. Doing so would then give the attacker access to the user’s email account and contacts. If you think you have fallen victim to this scam or a similar scam, you should use Security Scan to quickly check your device for malware:
Read More: Security Risks of Apps Sharing Data with Advertisers
The culprit of this attack is the Open Authorization system used by Google as well as several other sites to log users into multiple accounts at once. When you log in with this system, it creates a session token which can be transferred to other sites and services, which then logs you into them as well — indefinitely. And this is why it is so dangerous. When you log in to those fun online quizzes, you don’t often think of what happens when you leave the quiz site. If you stay logged into facebook and other sites that use OAuth, you open yourself up to scams like phishing and viruses.
Because OAuth uses session tokens instead of passwords, it is incredibly easy to hack. All the malware worm needs to do is make itself look legitimate by using icons, logos, and emails. In other words, OAuth systems depend on websites and applications telling the truth about who they are. As OAuth itself is not a security system, but a logging in system, these kinds of attacks are hard to catch because they look legitimate. Computers and laptops are the most susceptible to this kind of attack, but these attacks can happen to phones and mobile devices, too. That’s why it is important to regularly scan your device for malware in order to identify applications or downloads that could secretly be stealing your information.
Learn all about one of the hackers' favorite breach method and keep your company safe…
Have you ever wondered how to recover deleted photos on Android? After all, the lack…
Digital worms are among the most serious threats in the wild kingdom of the Internet.
Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…
Five Steps to Reduce QR Code Risk! Step one? Read this article…
Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…