A brief phishing attack targeting Google Gmail and Google Docs users struck yesterday impacting an unknown number of individuals.
The attack was quickly mitigated by Google and lasted for roughly 2 hours, with the meat of it all taking place during a 15 minute period around 3 pm on May 3. Google claims that so far nothing malicious has been done with the stolen credentials, but expect to hear more.
What was so odd about this attack is that instead of trying to obtain the Google username and password or drop malicious malware onto the victim, these attackers were focusing on permissions to ‘Read, Send, Delete, and Manage’ emails and contacts.
According to Talos researchers, Sean Baird and Nick Biasini, “The "Open in Docs" link contained in the email directed the recipient to a legitimate Google site which required log-in with Google credentials. Upon entering the site, a service called "Google Docs" requested permission to "Read, send, delete, and manage" email and contacts. This is a legitimate request and is part of a lot of applications that make use of google as an authentication mechanism. The portion that is not normal are the permissions that are being requested.”
Talos believes that the success of this attack will lead to this group or others copying the format, focusing us to be even more vigilant in our email security efforts.
Read this article on SCMagazine