Which SSL Reviews


Gmail Users are at Risk of This New Sophisticated Phishing Scheme

July 29, 2015 | By Editor 

Savvy cyber criminals have come up with a high-quality simulation of Google’s web app that neither its security standard can detect not the users.

Amid recent news reports of Google announcing to shut down its social networking site Google+, there is another news – and a lot more alarming – that is the grabbing the attention of online security stakeholders. Cyber criminals from remote locations in the Middle East have devised a new phishing technique that has put the world’s most widely used email service provider, Gmail, in a tight fix.

This was first discovered by a team of experts at the California-based security firm Elastica. The team found that Gmail users are receiving emails that look impressively genuine, with links to a PDF file hosted in authentic Google Drive. The Drive page is SSL encrypted, which is why the document stays outside the radar of Google’s IP blacklisting and intrusion detection system.

When users click on the PDF, it redirects them to a mocked up Google Drive page which the Elastica team say is strikingly original-looking. The users are then prompted to verify their login credentials, which doesn’t come across as suspicious because they are already in a page hosted by Google.

While the users are comfortably entering their credentials in the imitation page, java script obfuscation takes place not once but twice. The Elastica team also concluded that the phishing agents used fake SSL certificates to access the Google pages, and the URL redirects use HTTPS address which surpasses the security layers with ease.

If the problem is not curbed on time, over 900 million Google users could suffer a loss or breach of personal data. Additionally, this impact could be even bigger because the attackers would be able to infiltrate into users’ emails, documents, analytics, calendar, etc. because Google allows one account to access all these services.

Red Flags

Google has already taken notice of the problem and have issued a statement saying that they are looking into the matter. Meanwhile, as a proactive user, Gmail users should watch out for certain red flags to avoid a possible data breach from this type of phishing scam.

When redirected to the sign-in Google page, users will see the subtitle that reads “Google Drive. One Storage” instead of the original page subtitle that says “One account. All of Google.”

You can also check the page’s authenticity by clicking on the “Create an account” link which, in the case of the fake page, will just reload the page instead of navigating to the relevant site. Finally, you will be redirected to the next page even when you enter a wrong password to your email ID in the imitation page.

This phishing scheme has once again brought cloud security to everyone’s concern; while it undoubtedly offers unlimited benefits to the users, it also demands newer and more sophisticated ways of providing security shields to combat cybercrime. The security mechanism that are in place at present are slowly becoming a thing of the past, and more innovative methods are the need of the hour.

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now
Email *

Posted in HTTPS

Be Sociable, Share!

Leave a Comment


* fields are mandatory