Google account passwords stolen in phishing attack
Posted on 12 May 2014.
Hackers have been stealing Google account passwords in a new and better crafted phishing attack that is hard to catch with traditional heuristic detection, according to Bitdefender.


A particularity in how Google Chrome displays data: URIs (Uniform Resource Identifiers) makes Chrome users most vulnerable, however the phishing attack also targets Mozilla Firefox users.

“With access to users’ Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents,” states Catalin Cosoi, Chief Security Strategist at Bitdefender. “The scam starts with an email allegedly sent by Google, with “Mail Notice” or “New Lockout Notice” as a subject.”

“This is a reminder that your email account will be locked out in 24 hours,” the e-mail reads. “Due to not being able to increase your Email storage Quota. Go to the INSTANT INCREASE to increase your Email storage automatically.”

When clicking the INSTANT INCREASE link, users are redirected to a Google login web page that imitates the authentic one and asks for their credentials.

“What is interesting about this phishing attack is that users end up having the “data:” in their browser’s address bar, which indicates the use of a data URI scheme,” continues Catalin Cosoi.

The data URI scheme allows scammers to include data in-line in web pages as if they were external resources. The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string within the data URI.

As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals.

Scammers usually pose as services that contact people by e-mail for announcements or notifications. Google, Facebook, eBay, phone services and financial institutions are among phishers’ favorite disguises to invade inboxes worldwide.

A similar attack recently targeted Google Drive’s landing page to grab Gmail credentials.





Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //