In order to avoid further attacks phishing attacks on Gmail users, Google says it will strengthen enforcement of the OAuth system it uses to connect third-party apps to Google accounts.
Google explains in more detail how it intends to deal with the misuse of its phishing scam systems after last week's phishing attack with an app that allegedly belonged to Google Docs.
The fake Google Docs application used Google GoOgle's OAuth technology to request access to Gmail's Goal Goals. If users gave access to the app, the same email was sent to all of the victim's contacts.
It is worth mentioning that this news has been released for a week now with titles that make the Greek online community and especially novice users think that Gmail shares viruses and other "devilish" things "that damage computers"…
This is not the first time invaders have used Google's OAuth for phishing.
The so-called Fancy Bear hackers have used the same technique in the US and now in the French elections. As one expert points out security, Google could have prevented these phishing attempts with a more detailed audit of developers signing up to use the OAuth mechanism.
Chet Wisniewski, the security company's principal investigator Sophos, reports that the phishing attack with the fake Docs "is no different from the abuse of the Google Play Store by malware developers." Except instead of uploading a malicious app to Google Play, the user receives an email from Google and authorizes an app through the company's OAuth.
Google already has several mechanisms to combat this type of phishing attacks, such as the mechanism for detecting and detecting unwanted machine learning messages, the Safe Browsing system and virus scanning in attachments.
However, the company said it would update its policies on applications using OAuth.