Cybercriminals are making it harder to spot something fishy going on with their phishing; even Google isn’t completely safe in the battle to defend its customers from dastardly email attacks.
The latest attack took the form of an email, designed to look like an invitation to edit a Google Doc. Inside the email was a link which took users to a fake Google login page which looked completely authentic.
This fake page is where cybercriminals collect your login details. This technique is, broadly speaking, how phishing attacks have always worked, relying on the user’s assumption that if an email or page looks right then it’s probably authentic.
But you’re not the average user! And if you know anything about phishing attacks, you’ll know that unlike old-school phishing attacks with typos and questionable facts, there are no visual clues within the body of the email or page to suggest that it’s fraudulent.
If you’ve been reading our coverage of phishing attacks, you’ll also know that one of the first and easiest checks you can do is of the domain of a login page, because that can’t be faked. A dodgy URL is an immediate red flag, and you should get out of there before typing in your credentials.
For the average phishing attack, this is the end of the road; you’re making a cybercriminal’s job much harder.
But, in this attack, the cybercriminals used a real Google-hosted page to request victims’ login details. Users who clicked on the link were greeted with a request for access from a Google app, created by the cybercriminals, which they’d called ‘Google Docs’. At this point, we wouldn’t blame you if you got suckered. (Though fewer than 0.1% of users were affected, if you think you might have been caught out you can revoke your permissions here.)
The lengths these attackers went to highlight just how valuable your data is, and why it’s so important for providers and users alike to be aware of the threats.
Last year cybercriminals were sending roughly 156 million phishing emails per day, and this figure is still rising – but this attempt stands out because not only was it designed to look like an authentic page, it was designed to circumvent those preliminary checks we’re all getting used to performing.
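To make concrete why the domain check alone was not enough here, the following added example (not code from the original post or from Google) models the two checks a cautious user or a mail-security filter would apply to an access request: first the host of the login page, then whether an app presenting a first-party product name is actually the provider’s own app. The trusted-host list, the first-party name list, the `first_party` flag and the sample requests are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts on which a genuine Google sign-in or consent page is served (assumed list for this example).
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}

# Product names that only the identity provider itself should be allowed to use as an app name
# (assumed list for this example).
FIRST_PARTY_NAMES = {"google docs", "google drive", "gmail"}


def login_domain_ok(url: str) -> bool:
    """The first check from the post: is the login page actually on a trusted host?"""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return host in TRUSTED_LOGIN_HOSTS


@dataclass
class ConsentRequest:
    page_url: str      # where the access request is displayed
    app_name: str      # display name chosen by whoever registered the app
    first_party: bool  # whether the provider marks the app as its own (assumed attribute)


def consent_verdict(req: ConsentRequest) -> str:
    """Apply both checks: a real host is necessary, but a third-party app
    borrowing a first-party product name is still an impersonation."""
    if not login_domain_ok(req.page_url):
        return "reject: login page is not on a trusted host"
    # Normalise the name so padding or odd casing does not slip past the comparison.
    name = " ".join(req.app_name.split()).lower()
    if name in FIRST_PARTY_NAMES and not req.first_party:
        return "reject: third-party app impersonating a first-party product"
    return "allow"


if __name__ == "__main__":
    # Constructed sample: the page passes the domain check, but the app is not Google's.
    sample = ConsentRequest("https://accounts.google.com/o/oauth2/auth", "Google Docs", False)
    print(consent_verdict(sample))
```

The point the sample makes is that `login_domain_ok` returns `True` for the hosted page, so only the second check catches the request.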
The fake invitation was sent to roughly a million inboxes, according to the BBC, and the fraudulent page has since been removed. Google told the BBC that contact information was accessed, but no other data was exposed.
If you’re ever unsure of the authenticity of an email and the link it contains, don’t click it. Remember that you can still log in to your websites and services independently of the email, to double-check your messages and notifications once you’re safely inside.
Find out more about our security solutions and how UKFast helps clients to protect themselves from these types of vulnerabilities.