Just In
-
-
-
-
Don't Miss
-
Siragan First Review: Gajaraj-Starrer Mystery Crime Thriller By Venkateshwaraj Gets A Thumbs-Up; Details HERE -
Porsche Introduces Macan EV In India, Expanding Electric Portfolio -
African Nationals Attack Bengaluru CCB Officers During Drug Bust -
How To Apply Your Voter ID Card Online: Quick Guide For Indian Citizens -
NLSIU Announces the Rajiv K. Luthra Foundation Grant -
T20 World Cup: 'He will definitely be in my list' - Anjum Chopra handpicks 2 wicketkeeper-batters for India squad -
Summer Fashion: Your Bollywood Style White Outfits Guide To Keep It Cool And Chic -
Journey From Delhi To Ooty: Top Transport Options And Attractions
Google Docs user faced phishing attack; Issue got resolved now
Beware of phishing attacks!
If you are a regular user of Google Docs, then be aware! Do not open any invites from others to edit a file, it may be a spam to make you as a victim of phishing scheme.
The attacker made use of a different way to phish this time. Without even gaining an access your account with a password, the phishers could harm your data. They did so by taking the advantage of the fact that one can create a web app similar to Google page but with a misleading name. That is, asking a logged-in user to grant permission to a malicious app developed by them.
According to Reddit, here is how the attack took place.
Email invitation
Firstly an email invitation will be sent to a victim from the person they may know. This invitation requests you to open the file in Google Docs.
Lets you select among few account
Once you open the invitation, it lets you select among few already logged in Google account. After you select the required account, the attack begins.
Also Read: 11 Google Docs features that you probably didn't know
Asks permission to grant the access
Once done with selecting the account, it takes them to a Google sign-in page and asks them to continue with Google Docs. This helps the attacker to get the access to your mail and address book.
Because when you continue with docs, it is not an original page instead a third party malicious app which is named as ‘Google Docs'.
Developer information title
You can verify it by checking the title for developer information. It will look something like the above picture.
Regarding this, Google says, "We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."
Google took this issue seriously and disabled the application to fix it. Later it confirmed telling that the issue has been resolved.
Update: Google revoked the app, there's nothing more to do. Attacker likely has victim info on their servers, but no more account control.
— Zach Latta (@zachlatta) May 3, 2017
-
99,999 -
1,29,999 -
69,999 -
41,999 -
64,999 -
99,999 -
29,999 -
63,999 -
39,999 -
1,56,900
-
79,900 -
1,39,900 -
1,29,900 -
65,900 -
1,56,900
-
1,30,990 -
76,990 -
16,499 -
30,700 -
12,999
-
62,425 -
1,15,909 -
93,635 -
75,804 -
9,999 -
11,999 -
3,999 -
2,500 -
3,599 -
8,893
