This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
A phishing attack known as the “Google Docs worm” proliferated over the internet in May 2017. It impersonated Google Docs and requested full access to Gmail accounts’ emails and contact lists via specific web apps. Since the requests seemed to emerge from people the target knew, the scam worked so well. If they gave permission, the software would send the identical fake email to the victim’s contacts, spreading the worm further. It affected over a million accounts before Google fixed the situation.
However, a new study suggests that the company’s solutions are insufficient. Another Google Docs phishing fraud might strike at any time.
According to independent security researcher Matthew Bryant, Google Workspace phishing and scams draw most of their efficacy from abusing legal features and services. Targets are bound to succumb to the assaults since they trust Google’s services. To a great extent, the strategy puts the action outside the domain of antivirus instruments or other security scanners since it’s online and controls a legitimate framework.
In research presented at the Defcon security meeting this month, Bryant found that attackers might actually use to move beyond Google’s upgraded Workspace insurances. Recent scams utilized a similar general methodology of modifying genuine Google Workspace warnings and provisions to make phishing connections or pages look more real and interesting to targets.
All of these problems, according to Bryant, arise from Workspace’s conceptual design. The same qualities that make the platform versatile, adaptive, and sharing-friendly also make it vulnerable to mis
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Google Docs Scam Still Pose a Risk