Google Docs: Phishing attack via OAuth

an attacker has extensively managed to deceive users and to provide access to their email and contact data about the OAuth login service. With phishing emails, they pretended a sender known to them would have at Google docs-based text document is shared with them. A legitimate-looking button urged to “Open in Google Docs”.

 Google Docs (image: Google)

a click led to OAuth, which allows users to login to services and apps. Instead of creating a separate account however, they can use an existing account from another provider Facebook via OAuth Google or . An app for example, queries whether the entered credentials correspond to the information stored on Google, which then sent to a log-in-token with the actual login the app is.

the attackers came here but a malicious Web app, that as Google Docs. Their purpose was solely to get tokens for user accounts, to access the emails and to extend the phishing attack then all this user’s contacts – which quickly led to a cascading proliferation. You took advantage of it, that many users is not aware that the real Google Docs and Google drive OAuth does not need for access to their Google account. Victims that could be convince to grant the alleged Google Docs application access to Google services used by them.


two-factor authentication: more security for Facebook, Twitter and other services

almost daily is reported about the loss of access data. Users with the activation of a two-factor authentication can help guard against the misuse of this information. The following article explains how that works exactly.

trend micro considers this attack technique as particularly sophisticated because the email itself carried no malicious software. Also, the used URL could not automatically be blocked by security solutions, because it actually was there a legitimate domain, belonged to the Google. In such a case, only an enlightened users can avert the attack.

“Anders in a typical phishing attack the objective here is not to compromise the user’s system”, write the security researchers to do so in a blog . “The goal is rather to compromise their Google account.”

a similar campaign conducted before the Group pawn storm, with a malicious application called ‘ Google Defender ‘ pretended to want – to protect the accounts of victims and also used an OAuth link actually to access user data. It, is basically difficult to prevent attacks and to recognize the aim of which is the Google account.

Google has now reacted and blocked the accounts from which the attack originated. Also removed the fake sites and updates distributed by safe browsing. Checking for apps and websites access to the Google account was granted should be suspected to be, fell on a fraudulent email.


what next – BB´s storage & co: the enterprise cloud!

get to know the building blocks of enterprise cloud platform in this audio Webinar. Learn how to achieve maximum freedom and flexibility for your applications. More outcome achieved with less input – specific application examples. [Update: the webinar has already occurred.] Register now and look at the record.

Be the first to comment

Leave a Reply