

Be careful, Sophos warns Twitter & Facebook users against Phishing attack after Google


Last week Google Docs was the lure in a nasty phishing scam that impersonated real accounts. Although Google contained the attack, which affected a good number of Gmail users, security firm Sophos says it was really an abuse of Google’s APIs, since the emails appeared to come from Google itself.

Open developer platforms that use OAuth have been vulnerable to attacks like this for a long time, and the onus is on Google to do a better job of vetting application developers. This is no different from the abuse of the Google Play store by malware authors.

“There is very little individuals can do other than be forever suspicious about legitimate requests from services provided by Google, Twitter, Facebook and other online services that use OAuth with an un-vetted application developer program. Twitter’s users were attacked using these techniques a few years back. Unfortunately, Google has also fallen victim to a similar attack vector”, says Chester Wisniewski, Principal Research Scientist at Sophos.

When official emails from Google and official login pages are used in scams, the goodwill Google has garnered from its users is put at risk. All OAuth providers have a responsibility to police the use of their platforms so that users are not tricked through official requests from services like Google, Twitter and Facebook.

Sophos suggests that users keep an eye on social media. As the Google Doc “phishing” attempt demonstrates, Twitter is a great early-warning system. According to Wisniewski, users should check the apps that access their accounts and remove anything that may be suspicious on all OAuth-based platforms. For Google it is under your Google account -> Sign-in & Security -> Connected apps & sites. On Twitter and Facebook, it is Settings & Privacy -> Apps.

Here’s how this type of attack worked:

  1. Users get a real email from Google saying someone wants to share a file with them.
  2. They are directed to a real Google login page and sign in.
  3. They are then prompted that an “add-on” wants access to their mail and contacts. The developer name is listed as “Google Docs,” but it could say anything (this is where Google could do more to prevent this).
  4. The only way to attempt to check if it is real is to click on “Google Docs” and see the actual account creating the request, but it could say many believable things and there is no specific thing to watch for.

The only reliable way to avoid falling victim is to never accept apps that connect to your account and request access to read or write your mail and contacts, or just about anything else they might ask for, unless you are specifically trying to hook into some new service, and even then you may not be able to trust it. When attacks like this happen, it’s a good reminder to go back to your social media accounts, review which applications you’ve given permission to access your information, and revoke that permission if you no longer trust or use a particular app.
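The review that Sophos recommends above can be turned into a repeatable check. The script below is an added example, not code from the article or from Sophos, and it assumes a constructed JSON export of “connected apps” records with the fields display_name, developer_email and scopes (real providers show this information on their account settings pages in their own formats). It flags the two signals the article describes: an app whose display name imitates the provider itself while its developer account is not the provider’s, and an app that asks for mail and contacts access. The scope strings are Google’s published OAuth scope URIs; the brand list and trusted developer domains are assumptions for the example.

```python
"""Triage OAuth grants for signs of consent phishing (added example, not from the article)."""
import json

# Google's published OAuth scope URIs that grant read/write access to mail and contacts,
# the kind of access the "Google Docs" add-on asked for.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

# Assumed for the example: words a third-party app should not carry in its name
# because they imitate the provider, and the developer domains treated as first party.
FIRST_PARTY_BRANDS = ("google", "gmail", "twitter", "facebook", "docs", "drive")
TRUSTED_DEVELOPER_DOMAINS = {"google.com", "twitter.com", "facebook.com"}

# Constructed sample export; none of these apps or addresses are real.
SAMPLE_EXPORT = json.dumps([
    {"display_name": "Google Docs",
     "developer_email": "lookalike-dev@example.net",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"display_name": "Calendar Sync Helper",
     "developer_email": "support@example-saas.com",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"display_name": "Mail Backup Tool",
     "developer_email": "dev@example-backup.io",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
    {"display_name": "Google Drive",
     "developer_email": "apps@google.com",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
])


def assess_grant(grant: dict) -> dict:
    """Classify one grant as ok / review / revoke and say why."""
    display_name = grant.get("display_name", "")
    name = display_name.strip().lower()
    developer = grant.get("developer_email", "").strip().lower()
    dev_domain = developer.rsplit("@", 1)[-1] if "@" in developer else ""
    scopes = set(grant.get("scopes", []))
    reasons = []

    risky_scopes = scopes & HIGH_RISK_SCOPES
    if risky_scopes:
        reasons.append("requests mail/contacts access: " + ", ".join(sorted(risky_scopes)))

    # The consent screen shows whatever name the developer chose; only the developer
    # account behind it can be checked, so a provider-like name from an outside
    # developer is the tell.
    impersonates_provider = (
        any(brand in name for brand in FIRST_PARTY_BRANDS)
        and dev_domain not in TRUSTED_DEVELOPER_DOMAINS
    )
    if impersonates_provider:
        reasons.append(f"name {display_name!r} imitates a provider brand but developer is "
                       f"{developer or 'unknown'}")
    if not developer:
        reasons.append("no developer account recorded for this grant")

    if impersonates_provider and risky_scopes:
        level = "revoke"
    elif reasons:
        level = "review"
    else:
        level = "ok"
    return {"display_name": display_name, "level": level, "reasons": reasons}


def triage(export_json: str) -> list:
    """Assess every grant in a JSON export and return the assessments in order."""
    return [assess_grant(g) for g in json.loads(export_json)]


def grants_to_revoke(export_json: str) -> list:
    """Names of grants that combine provider impersonation with mail/contacts access."""
    return [r["display_name"] for r in triage(export_json) if r["level"] == "revoke"]


if __name__ == "__main__":
    for result in triage(SAMPLE_EXPORT):
        print(f"{result['level']:7} {result['display_name']}")
        for reason in result["reasons"]:
            print(f"        - {reason}")
```

Run against the constructed export, the script marks the look-alike “Google Docs” grant for revocation, asks for a second look at the backup tool because it reads mail, and leaves the two benign grants alone. An app named after a provider but registered to a first-party developer domain is not flagged, which mirrors the article’s point that the developer account, not the displayed name, is the only thing worth checking.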


About author

Editor at TechArena. I cover all things technology and review new gadgets as I get them. You can reach me on email: kaluka@techarena.co.ke