In recent months, Gmail users have been targeted by a series of phishing attacks that use emails sent from a known contact, or from someone in the address book of a user whose account has been compromised.

The attack displays Gmail's official address “accounts.gmail.com” in the browser’s location bar. This leads users to what appears to be a legitimate Google sign-in page, where they are prompted to enter their credentials, which are then passed to the attackers, compromising the account.
The technique is so well designed that many experienced technical users have fallen prey to this scam. Users shared the warning on social media platforms to alert their loved ones, stating that this technique exploits trusted contacts very easily.
What Is Google Doing?
Google has been aware of the issue since mid-January and has continued to strengthen its defences. It has also been using machine learning-based detection of phishing messages, Safe Browsing warnings for dangerous links in emails, and steps to prevent suspicious sign-ins.
Two-factor authentication can be used to protect user accounts, Aaron Stein Wordfence suggested. Google released Chrome 56.0.2924, which changes the behaviour of the browser’s location bar: a "Not secure" message is now displayed when users view a data URL.
Google is using Security Key enforcement as an additional step to protect G Suite customers against phishing. This technique allows administrators to protect their employees by accepting only security keys as the second factor. Bluetooth Low Energy Security Key support is another user option, and works on Android and iOS mobile devices.
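The data URL behaviour described above can also be checked on the mail-filtering side. The following is an added example, not code from Google or from the original article: it collects link attributes from an HTML message body and flags `data:` URLs that would render as HTML or that mention a watched hostname, including base64-encoded payloads, which goes beyond the plain case in the text. The `WATCHED_HOSTS` list, the function names and the sample body are assumptions made for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

# Assumption: hostnames a mail filter wants to protect from impersonation.
WATCHED_HOSTS = ("accounts.gmail.com", "accounts.google.com")
# Constructed sample body with benign payloads, not taken from a real campaign.
SAMPLE = (
    '<a href="https://example.com/report">report</a>'
    '<a href="data:text/html,https://accounts.gmail.com/%3Cb%3Esample%3C%2Fb%3E">open</a>'
    '<img src="data:image/png;base64,iVBORw0KGgo=">'
)

class LinkCollector(HTMLParser):
    """Collect href/src/action attribute values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.links.append(value.strip())

def decode_data_url(url):
    """Return (media_type, payload_text) for a data: URL, else None."""
    match = re.match(r"(?is)^data:([^,]*),(.*)$", url)
    if not match:
        return None
    header, body = match.groups()
    raw = unquote_to_bytes(body)
    if header.lower().endswith(";base64"):
        try:
            raw = base64.b64decode(raw)
        except ValueError:
            pass  # malformed base64: inspect the bytes as they are
    media_type = header.split(";")[0].strip().lower() or "text/plain"
    return media_type, raw.decode("utf-8", "replace")

def suspicious_links(html_body):
    """Flag data: links that render as HTML or mention a watched hostname."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for media_type, text in filter(None, map(decode_data_url, collector.links)):
        hosts = [h for h in WATCHED_HOSTS if h in text.lower()]
        if media_type == "text/html" or hosts:
            findings.append((media_type, hosts))
    return findings
```

Calling `suspicious_links(SAMPLE)` reports only the `text/html` data URL; the ordinary HTTPS link and the inline PNG are ignored.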
The Reality
The latest changes in Chrome and Firefox respond to some of these types of attacks. However, a variety of techniques are used to target users. Attackers create extremely realistic landing pages, use JavaScript to obfuscate and encrypt pages and their contents, and host documents directly on Google Drive. Recently, attackers used PDFs to make it appear that users were already logged in to Google Docs, then prompted them to log in when they hovered the mouse over the PDF.
Attacks of this type are a cat-and-mouse game: attackers will find more complex entry points as cyber security improves over time. This reflects the directly proportional relationship between cyber criminals and cyber security. As attackers become more organised and better funded, their pooled resources are used to further exploit holes in security programs and to tweak attack methods to make them more effective.
Difficult Defence

Attacks such as phishing and social engineering are the most common gateways of entry. Such attacks often target privileged users with access to sensitive data. Although security companies are aware of this, providing security measures to these users without limiting their ability to do their jobs effectively and efficiently is very difficult.
Despite all the challenges it poses, this attack, like a normal phishing scam, has a limited lifespan because it impacts a specific audience. Google will likely launch image recognition and URL filtering to prevent this kind of campaign from doing further damage.




