After Phishing, Google changes policies to using OAuth

In order to avoid further phishing attacks on Gmail users, Google says it will reinforce the OAuth enforcement it uses to link third-party applications to Google accounts.

Google explains in more detail how it intends to deal with the misuse of its phishing scam systems after last week's phishing attack with an app that allegedly belonged to Google Docs.google

The fake Google Docs application used Google GoOgle's OAuth technology to request access to Gmail's Goal Goals. If users gave access to the app, the same email was sent to all of the victim's contacts.

It is worth mentioning that this news has been released for a week now with titles that make the Greek online community and especially novice users think that Gmail shares viruses and other "devilish" things "that damage computers"…

This is not the first time invaders have used Google's OAuth for phishing.

The so-called Fancy Bear hackers have used the same technique in the US and now in the French elections. As a security expert points out, Google could have prevented these phishing attempts with a more detailed check of the developers enrolled to use the OAuth mechanism.

Chet Wisniewski, lead researcher at security firm Sophos, says the fake Docs phishing attack "is no different than the abuse of the Google Play Store by malware developers." Only instead of uploading a malicious application to Google Play, the user receives an email from Google and authorizes an application through the company's OAuth.

Google already has several mechanisms to combat this type of phishing attacks, such as the mechanism for detecting and detecting unwanted machine learning messages, the Safe Browsing system and virus scanning in attachments.

However, the company said it would update its policies on applications using OAuth.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).