
Gmail Phishing Scam Has Everyone Reaching for 2FA

Posted by Admin | January 20, 2017 | IT Security

Seriously people, this is serious

STOP WHAT YOU ARE DOING, unless you don’t have a Gmail account. Carry on if that is the case.


If you do use Gmail, you apparently really, really need to be aware of a crafty phishing scam that will have you hooked, lined, sinkered, gutted, covered in batter and served with curry sauce before you have a chance to realise that anything is happening.

The scam that has everyone in a lather uses a deceptive URL, and quite a sneaky one. People probably won’t even notice it because, for the most part, it looks fine. It is only once it is clicked and the bastard gateway is broken through that the phishing and the stealing begins.

It all kicks off with a fake login page, which, once accepted, starts sucking up personal details and spitting PDFs in the direction of the victim, according to the security company Proofpoint. In the INQUIRER’s experience PDF files are 90 per cent boring, so we are always cautious of those.

Proofpoint says that PowerPoint-hungry people do not get the illuminating presentation experience that they were expecting, but a bundle of malware and problems that they could have equally done without. Plus, they share it with their unfortunate contacts list.

“Gmail/gdocs phishing is very common and unfortunately, it’s something we’ve seen for years. It is indeed a powerful phishing vector because the phisher can then send email from that account using the user’s email signature and contact list, which makes the follow-on messages extremely convincing,” said Bryan Burns, vice president of threat research at Proofpoint.

“This attack suggests attackers are finding it easier to trick people than machines – and based on the prevalence of macro-based downloaders for large-scale campaigns (like those used to deliver Locky ransomware), and the increase in business email compromise-type attacks, it seems likely that credential phishing will continue to be a dominant threat vector.”

Fortunately, Gmail has recently added the option of two-factor authentication (2FA), something that has always been a good idea to use. If you have not enabled that, get on with it, because anyone could fall for this Gmail scam and plunge deep into its black hole of phishing pages.

“Phishing attacks are now a daily occurrence for users and most will spot a large majority of them as exactly that. When these emails start taking on the form of our daily go-to apps like Apple or Google then it’s no surprise sometimes even the enlightened get fooled. Phishing is getting harder to spot, the emails are getting smarter and every now and again even the ‘techies’ have to stop and think about clicking that link or opening that attachment,” said Mark James, IT security specialist at ESET.

“But all is not lost – using technology like 2FA or 2 Step verification could help to protect your account. It might not stop you from inadvertently sharing your login credentials but it will stop someone else from using them and that’s the main thing.”

Source: theinquirer
