A Look Back on the Google Phishing Attack

A massive and unusually sophisticated phishing campaign targeting users of Google’s Gmail service took place a few weeks ago. I want to look back at the attack, share some thoughts on it and offer some tips so you can be prepared for the next one.

The attack began around 4 pm on May 3rd as Gmail users received an email with an invite to a Google Doc that appeared to be from a person they would know. Attempting to access the Doc would direct the user to authorize a fake Google app that was hosted on an actual Google page. Once the app was authorized, the attacker would then draw from the user’s contacts to send the offending email to even more people.

Posing as a Google application, this phishing attack used the OAuth authentication interface, which is designed to allow users to log in without using a password. By abusing OAuth in this way, the attacker was able to present a legitimate Google dialogue box requesting authorization. Once authorized, “Google Docs” could read all of your email and contacts, and it then self-propagated by sending more emails to the people in the contacts list.

Google acted quickly by disabling the application, deleting the developers’ account and marking the emails containing the link as Spam. At this time it is still unknown who started this attack or why.
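
The consent abuse described above leaves a pattern defenders can audit: a third-party client using a trusted product name while holding mail and contacts access, authorized by many users in a short time. The following Python check is an added example, not code from the original post or from Google; the record fields, client IDs and allowlist are constructed assumptions.

```python
import unicodedata

# Assumption: allowlist maintained by the organisation; the client ID is a placeholder.
TRUSTED_APPS = {"google docs": {"trusted-client-id-docs"}}
# Google OAuth scopes covering full mailbox access, sending mail and contacts.
HIGH_RISK_SCOPES = {"https://mail.google.com/", "https://www.googleapis.com/auth/gmail.send",
                    "https://www.googleapis.com/auth/contacts"}
# Constructed sample grants; field names are hypothetical, not a real log schema.
_S = ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]
SAMPLE_GRANTS = [
    {"user": "ana@example.com", "app_name": "Google Docs", "client_id": "unknown-1", "scopes": _S},
    {"user": "bo@example.com", "app_name": "Google\u200b Docs", "client_id": "unknown-1", "scopes": _S},
    {"user": "cy@example.com", "app_name": "GOOGLE  DOCS", "client_id": "unknown-1", "scopes": _S},
    {"user": "di@example.com", "app_name": "Google Docs", "client_id": "trusted-client-id-docs", "scopes": _S},
    {"user": "ed@example.com", "app_name": "Notes", "client_id": "unknown-2", "scopes": ["openid", "email"]},
]

def normalize(name):
    """Fold case, compatibility forms, invisible characters and extra spaces."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    visible = "".join(c for c in folded if unicodedata.category(c) != "Cf")
    return " ".join(visible.split())

def review_grant(grant):
    """Return findings for one grant; an empty list means nothing was flagged."""
    name = normalize(grant["app_name"])
    if grant["client_id"] in TRUSTED_APPS.get(name, set()):
        return []  # verified client using its own name
    findings = []
    if name in TRUSTED_APPS:
        findings.append("impersonates:" + name)
    if set(grant["scopes"]) & HIGH_RISK_SCOPES:
        findings.append("high-risk-scopes")
    return findings

def triage(grants, spread_threshold=3):
    """Group flagged grants per client ID; many distinct users suggests self-propagation."""
    apps = {}
    for g in grants:
        findings = review_grant(g)
        if findings:
            app = apps.setdefault(g["client_id"], {"findings": set(), "users": set()})
            app["findings"].update(findings)
            app["users"].add(g["user"])
    return {cid: {"findings": sorted(a["findings"]), "users": sorted(a["users"]),
                  "spreading": len(a["users"]) >= spread_threshold} for cid, a in apps.items()}

if __name__ == "__main__":
    print(triage(SAMPLE_GRANTS))
```

Name normalization here covers case, spacing and invisible characters only; look-alike letters from other scripts need a separate confusables check.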

Keeping your company and its employees safe on the internet is always a difficult task, especially as phishing attacks become more sophisticated and nearly indistinguishable from legitimate emails. Training users, staying patched and deploying managed solutions for your email, workstations and more are just some of the ways to help avoid and mitigate the risks your organization is exposed to on the internet. Contacting Thrive today may be the step your organization needs to move forward with its technology.

Here are a few things to remember:

  1. Alway