The malicious third-party application was named “Google Docs,” matching the email pretext and appears legitimate to many users (it’s unclear if Google will prevent applications from being named like this in the future).The email looks like a legitimate Google Docs request to share a document.The email was sent to a user’s contacts, which means recipients saw the email coming from someone they likely know.There are multiple elements to this campaign that made it highly effective: This allowed it to harvest new recipients, send the emails as the victim to those recipients, and then delete the emails from the user’s Sent Mail. This attack used OAuth to gain access to manage contacts and email for the user’s Google account.
This is a legitimate way to safely give applications limited access to a service as your account without giving up your credentials. Instead, the application will request certain permissions depending on what parts of the service it needs to access. OAuth allows third-party applications to access a service on your behalf without needing your credentials. Before going into details, it’s worth a quick background on why OAuth can make for effective phishing campaigns. This attack was different in that once the user clicks the “Open in Docs” button, they are taken to a page which requests OAuth permissions for their account, allowing the attacker to hijack the Gmail account to send email on the user’s behalf without needing their credentials. These credentials are then sent to the attacker and used to gain access to the email account. Normally, phishing attacks will then present a fake login page that attempts to trick users into submitting their username and password. The email purported to be a request to share a document via Google Docs. This attack started with a phishing email that originated from someone the recipient likely knew.
There are a number of features that you need to be aware of that made this attack incredibly successful, as well as ways to protect yourself or your employees that are detailed below. On Wednesday, a Gmail phishing attack leveraging OAuth spread quickly to multiple users.
Follow the instructions to recover your account.Duo Labs Jordan Wright Gmail OAuth Phishing Goes Viral
#Fake google docs sign in page password
Select Forgot my password on the sign-in page, and then select I think someone else is using my Microsoft account. If that doesn't work, try to sign in to your account again. Starting with this step saves you extra effort if you accidentally signed in with a different account than the alert was for. Try to reset your password with the instructions listed in When you can't sign in to your Microsoft account. Follow these steps to get back into your account: If you tried to sign in to your account but can't, someone may have changed your password. Create a strong password that you can remember, and don't share it with anybody else. If you think someone else may have accessed your account, go back to the Security basics page and select Change password. If it's in the Recent activity section, you can expand the activity and select Secure your account. If you see account activity that you're sure wasn't yours, let us know and we can help secure your account-if it's in the Unusual activity section, you can expand the activity and select This wasn't me. Select Review activity to check for any unusual sign-in attempts on the Recent activity page. Sign in to the Security basics page for your Microsoft account. If you received an email or text alerting you to an unusual sign-in attempt on your account but you haven't done anything different with your account recently, follow these steps to review your account security:
0 kommentar(er)
