New Gmail scam alert: It’s hard to spot and Google is rushing to fix it


Time and again, people have fallen victim to phishing scams via email. These scams use sophisticated methods to target individuals by sending convincing emails that often lead people to reveal their personal information. One way to identify these phishing attempts is to check the address the email was sent from. For example, if it’s an email from Google, it usually comes from noreply@google.com. But what if we told you there is a new, highly sophisticated phishing scam doing the rounds? One that can bypass even this check?

Google has confirmed that the company is working on a fix for this vulnerability. (Unsplash)

This scam came into the spotlight after a software developer, Nick Johnson, was targeted by an “extremely sophisticated phishing attack,” as he describes it. In this case, the email came directly from Google, or so it seemed. Even security tools gave it a green signal, confirming that the email was indeed from a legitimate Google source.


Details

Naturally, you might be wondering: how could hackers get access to Google’s security account so that they could send emails?

Johnson explains that the hacker used advanced tricks. When he clicked on the link, it led him to a sign-in page, but the difference was that the website URL showed sites.google.com instead of accounts.google.com.

This was possible because the attackers were using a “legacy Google product” from before the company took security as seriously as it does today, Johnson said.

By using this old product, which supports arbitrary scripts and embeds, the hackers were able to host content on a Google subdomain. Using this method, they could simply create a Google account with a fake domain intended to scam users.

Johnson also noted that the attackers could create a Google OAuth application, which is how the whole security alert is generated. Later, the hackers send a fake security alert that mimics the real emails, convincing users to hand over their login details.
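The difference Johnson spotted, sites.google.com instead of accounts.google.com, can be checked mechanically. The sketch below is an added example, not code from Johnson or Google: it accepts only the exact sign-in host and flags everything else, including user-built pages on a Google subdomain. The function names, the host lists and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this added example (host names taken from the article):
SIGN_IN_HOST = "accounts.google.com"       # only host accepted as a Google sign-in page
USER_CONTENT_HOSTS = {"sites.google.com"}  # Google-owned host serving user-built pages


def classify_link(url: str) -> str:
    """Return 'sign-in', 'user-content', 'other-google', 'not-google' or 'invalid'."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any userinfo ("user@") and port, and is lowercased
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if host in USER_CONTENT_HOSTS:
        return "user-content"   # on google.com, but anyone can publish here
    if host == SIGN_IN_HOST and parts.scheme == "https":
        return "sign-in"
    if host == "google.com" or host.endswith(".google.com"):
        return "other-google"   # Google-owned host, but not an https sign-in page
    return "not-google"


def flag_sign_in_links(links):
    """Return (url, verdict) for every link that is not the real sign-in origin."""
    verdicts = ((url, classify_link(url)) for url in links)
    return [(url, v) for url, v in verdicts if v != "sign-in"]


# Constructed sample links, as they might sit behind a "review your account" button.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",
    "https://sites.google.com/view/constructed-example/signin",
    "https://accounts.google.com@phish.example/signin",
    "https://accounts.google.com.phish.example/signin",
    "http://accounts.google.com/signin",
]

if __name__ == "__main__":
    for url, verdict in flag_sign_in_links(SAMPLE_LINKS):
        print(f"{verdict:13} {url}")
```

Matching on the parsed host rather than searching the URL string for "google.com" is what keeps the two look-alike links in the sample from passing.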


Google is working on fixing this security loophole

Google has since confirmed that it is working on a fix. According to Johnson, Google initially did not acknowledge it. However, he was able to convince them to reconsider and address the OAuth issue.

Now, as reported by Newsweek, Google has officially confirmed it is indeed working on a fix. “We’re aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week. These protections will soon be fully deployed, which will shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns,” the Google spokesperson, as quoted by Newsweek, said.



