Google Derails Phishing Campaign in Less Than Half An Hour
Over the past few months, Google has consistently demonstrated that it is determined to crack down on cyber-crime, whenever possible. Its efficiency was further demonstrated recently, as its engineering and product teams took demolished a self-replicating phishing scheme mere minutes after it came to the attention of one of its employees via Reddit.
The phishing scheme in question was quite ingenious. The original redditor reported receiving a legitimate-appearing email from a contact, displaying the familiar invitation to view some document in Google Docs. Said redditor was only tipped off that something was wrong when a familiar-looking menu asked him for permission to access and manage his email address. Allowing it to do so would have gained the app access to said Gmail account's contact list, allowing it to repeat the process, proliferating rapidly throughout one of the most heavily used mailing platforms on the Internet.
Image example of Google Phishing Scheme Display
Upon reflection, researchers have noted the similarities that this attack had with the notorious Samy worm that devastated the MySpace social networking sire back in 2005. Back on October 4 of the same year, Samy infected over a million MySpace users in just under 20 hours, grabbing the title of 'fastest spreading virus of all time' – which this new threat may have challenged, if it wasn't shut down almost immediately by Google.
As it stands, the post detailing the threat was picked up almost immediately by a Google employee, who replied 'Googler here -- I'm escalating to the correct engineering and product teams now.' As a result of the quick and decisive actions of said teams, the attack was neutralized within less than half an hour. Google's official statement on the matter was as follows.
'We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.'
This is just one example of how a viral campaign can be stopped dead in its tracks by decisive and coordinated action, and why constant feedback is critical in this day and age. While many users are still understandably concerned about phishing efforts using Unicode exploits to prey on the unwary, the willingness and decisiveness of Google definitely seem reassuring.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.