Author Topic: gmail users getting uber 1337 haxored in phishing scam  (Read 1498 times)


edit: whoops decepticon beat me to it

3) all Google did to 'fix it' was they nabbed the phisher responsible. They haven't actually done anything beyond that last I checked (not like they could anyway due to how the attack is perpetrated).
how the heck do you 'fix' something like this?

how the heck do you 'fix' something like this?
The best thing they can really do is adjust whatever algorithm or system they use to detect spam and phishing attempts to account for this, really, which they appear to have done by now. Besides that, like I said, it's not really a fixable thing, so

Phishing isn't hacking. That's just taking advantage of idiots who hit OK on everything.
When something asks for high-level permissions like that and doesn't need them, you should have 10 kinds of alarms going off in your head screaming "SCAM! FAKE! PHISHING!"
« Last Edit: May 04, 2017, 05:47:14 PM by Super Suit 12 »

how the heck do you 'fix' something like this?
The entire phishing attack relied on the fact that the app that was requesting permissions looked like an official Google Docs app. It'll be pretty easy to automatically filter out apps that seem to be trying to impersonate official apps by using text and image comparisons. This in effect 'fixes' it. Of course it's not 100% avoidable but it'll prevent the large majority of attacks like this in the future, and since this is one of the first of its kind, it seems like there won't be many more, if any at all.
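The text-comparison half of the filter described in the post above, sketched as an added example that is not part of the original thread or any provider's actual code. The protected-name registry, owner ids, look-alike table and threshold are all constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumed registry: protected display name -> the only owner id allowed to use it.
PROTECTED = {"Google Docs": "google-first-party", "Google Drive": "google-first-party"}

# Small illustrative subset of look-alike characters, not a full confusables table:
# Cyrillic o, e, a, s; Latin script g; digits commonly swapped for letters.
CONFUSABLES = str.maketrans({"\u043e": "o", "\u0435": "e", "\u0430": "a",
                             "\u0441": "c", "\u0261": "g", "0": "o", "1": "l"})

def normalize(name):
    """Fold case, compatibility forms and look-alikes; keep only letters/digits."""
    folded = unicodedata.normalize("NFKC", name).casefold().translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch.isalnum())

def impersonated_brand(app_name, owner_id, threshold=0.85):
    """Return the protected name this app imitates, or None if nothing matches."""
    candidate = normalize(app_name)
    for brand, legit_owner in PROTECTED.items():
        score = SequenceMatcher(None, candidate, normalize(brand)).ratio()
        # An exact or near-exact name is only acceptable from the brand's owner.
        if score >= threshold and owner_id != legit_owner:
            return brand
    return None

# Constructed sample of app registrations: (display name, owner id).
SAMPLE_APPS = [("Google Docs", "dev-4821"),
               ("G\u043e\u043egle D\u043ecs", "dev-77"),   # Cyrillic 'o' look-alikes
               ("Google Docs", "google-first-party"),
               ("Budget Planner", "dev-9")]

def review_queue(apps):
    """Return (name, owner, imitated brand) for every app to hold for review."""
    return [(n, o, b) for n, o in apps if (b := impersonated_brand(n, o))]

if __name__ == "__main__":
    for row in review_queue(SAMPLE_APPS):
        print(row)
```

The ownership check is what catches a third-party app whose name is character-for-character identical to the official one; the similarity score only widens the net to near-misses.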