On Wednesday, May 3rd, Google and Gmail users experienced a wide, sophisticated phishing attack. It came from a phony app that called itself “Google Docs.” During this incident, approximately 1 million Gmail users received an email asking them to open a Google Doc. If the link was clicked, the user was taken to a page to open the document with their Google account. Doing so would then give the attacker access to the user’s email account and contacts. If you think you have fallen victim to this scam or a similar scam, you should use Security Scan to quickly check your device for malware:
Read More: Security Risks of Apps Sharing Data with Advertisers
The culprit of this attack is the Open Authorization system used by Google as well as several other sites to log users into multiple accounts at once. When you log in with this system, it creates a session token which can be transferred to other sites and services, which then logs you into them as well — indefinitely. And this is why it is so dangerous. When you log in to those fun online quizzes, you don’t often think of what happens when you leave the quiz site. If you stay logged into facebook and other sites that use OAuth, you open yourself up to scams like phishing and viruses.
Because OAuth uses session tokens instead of passwords, it is incredibly easy to hack. All the malware worm needs to do is make itself look legitimate by using icons, logos, and emails. In other words, OAuth systems depend on websites and applications telling the truth about who they are. As OAuth itself is not a security system, but a logging in system, these kinds of attacks are hard to catch because they look legitimate. Computers and laptops are the most susceptible to this kind of attack, but these attacks can happen to phones and mobile devices, too. That’s why it is important to regularly scan your device for malware in order to identify applications or downloads that could secretly be stealing your information.
Have you ever put off an Android update because you figured nothing would really change…
Do you know how many places your phone can remember from just one ordinary week?…
You’ve probably heard that changing your password every week is a smart way to keep…
You install a new app, open it for the first time, and the screen pops…
You unlock your phone to answer a quick text and, without even noticing it, pass…
You open an app to order food, check your bank balance, chat with friends, or…