Google to increase security to Google Docs Attack

It's only fair to share...Digg thisShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInFlattr the authorShare on TumblrShare on VKShare on YummlyShare on RedditShare on StumbleUpon

Google to increase security to Google Docs Attack

ALSO READ  Top 3 differences between hubs and switches

Google to increase security to Google Docs Attack. Following last week’s widespread phishing attack on Gmail users, Google says it will work on tightening enforcement of the OAuth system it uses for linking Google accounts to third-party apps. 

Last week, people were receiving emails containing a fake Google Docs link that appeared to come from someone they knew. Upon tapping the link, the user was taken to a page where they were asked to give permissions go Google Docs. This, however, wasn’t the actual Google Docs coming from the Mountain View company, but a fake tool that sought to get account permissions. Google to increase security to Google Docs Attack.

Google dealt with the problem within an hour of getting the first reports, but by then plenty of people had tapped the link. Thankfully, removing permissions for the app was quite simple.

Related  White House Computers Breached By Hackers

The bogus app used Google’s very own OAuth implementation to request access to the Gmail accounts of those targeted. Once the permission was granted, it sent the same phishing email to the victim’s contacts. Google to increase security to Google Docs Attack.

This is not a new technique used by the hackers. In fact, even Fancy Bear hackers who are responsible for the US and French election hacks, used the same technique.

Google to increase security to Google Docs Attack.

More work to be done

Despite some of these incidents falling through the cracks. Google does have some mechanism to combat this type of phishing attack, such as machine-learning spam detection. The Safe Browsing system, as well as anti-virus scans on attachments. The company, however, will now also update its policies and enforcement on OAuth apps.

“We’re taking multiple steps to combat this type of attack in the future, including updating our policies and enforcement on OAuth applications, updating our anti-spam systems to help prevent campaigns like this one, and augmenting monitoring of suspicious third-party apps that request information from our users,” said Mark Risher, director of Google’s Counter Abuse Technology. Google to increase security to Google Docs Attack.

According to Risher, fewer than 0.1% of users were affected by this attack.

It's only fair to share...Digg thisShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInFlattr the authorShare on TumblrShare on VKShare on YummlyShare on RedditShare on StumbleUpon