Προκειμένου να αποφευχθούν περαιτέρω επιθέσεις ηλεκτρονικού ψαρέματος (phishing) στους χρήστες του Gmail, η Google αναφέρει ότι θα ενισχύσει την επιβολή του συστήματος OAuth που uses to link third-party apps to Google accounts.
Google explains in more detail how it intends to deal with the misuse of its phishing scam systems after last week's phishing attack with an app that allegedly belonged to Google Docs.
Η fake Google Docs app used Google's OAuth technology to request access to targets' Gmail accounts. If users granted access to the app, the same phishing email was sent to all of the victim's contacts.
It is worth mentioning that this news has been released for a week now with titles that make the Greek online community and especially novice users think that Gmail shares viruses and other "devilish" things "that damage computers"…
This is not the first time invaders have used Google's OAuth for phishing.
The so-called Fancy Bear hackers have used the same technique in the US and now in the French elections. As a security expert points out, Google could have prevented these phishing attempts with a more detailed check of the developers enrolled to use the OAuth mechanism.
Chet Wisniewski, principal researcher at security firm Sophos, reports that the phishing attack with the fake Docs "is no different from the abuse of the Google Play Store by malware developers." Except instead of uploading a malicious app to Google Play, the user receives an email post officey by Google and authorizes an application through the company's OAuth.
Google already has several mechanisms to combat this type of phishing attacks, such as the mechanism for detecting and detecting unwanted machine learning messages, the Safe Browsing system and virus scanning in attachments.
However, the company said it would update its policies on applications using OAuth.