Author Topic: Google to Tighten OAuth Rules to Block Phishing Attempts After Fake Docs Attack  (Read 24 times)

0 Members and 1 Guest are viewing this topic.

Offline Gilbert

  • Updates Moderator
  • *
  • Posts: 31721
Google to Tighten OAuth Rules to Block Phishing Attempts After Fake Docs Attack
8 May 2017, 4:49 pm

Following last week's widespread phishing attack on Gmail users, Google says it will work on tightening enforcement of the OAuth system it uses for linking Google accounts to third-party apps. 

Last week, people were receiving emails containing a fake Google Docs link that appeared to come from someone they knew. Upon tapping the link, the user was taken to a page where they were asked to give permissions go Google Docs. This, however, wasn't the actual Google Docs coming from the Mountain View company, but a fake tool that sought to get account permissions. 

Google dealt with the problem within an hour of getting the first reports, but by then plenty of people had tapped the link. Thankfully, removing permissions for the app was quite simple. 

The bogus app used Google's very own OAuth implementation to request access to the Gmail acc... (read more)

Source: Softpedia News / Security

>> To obtain the full Softpedia Security News article, click the link in the first post line <<

 


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2018 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by DSTM & PseFrank

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques



Smokey's also provides free fully qualified Log / Malware Analysis & Removal Help and System Health Checks