Just last month, one million Gmail users were sent a fake Google Doc link which appeared to have been sent by a known contact. These malicious phishing emails sought to hijack the recipients’ accounts. Once the button had been clicked, the user was prompted to grant access to a fake app, masquerading as Google Docs.
Granting permission meant giving hackers access to all emails and contacts, to whom the malicious email would then be spread. Fake apps are a new phishing threat that we all need to be aware of. In this article, experts at Syntax IT Support London explain the threat and outline what to look out for to stay safe against this type of cyberattack.
What is OAuth phishing?
The attack in May exploited a weakness known as Open Authorisation, or OAuth, so this type of attack is known as “OAuth phishing”. OAuth is a way for internet users to add-third party apps to existing services like Google and Facebook without a password. Instead of a password, users agree to the app in question’s permission requests, and the app can then access parts or all of the user’s account. Many top online service providers utilise and rely on OAuth, including Google, Yahoo, Microsoft, Facebook and Twitter. This makes us vulnerable as users, as similar attacks will surely resurface in coming years and there’s little that can be done to fix the issue.
OAuth phishing is when a hacker manages to trick a service provider such as Google into accepting a malicious app. From here, they can masquerade as a trusted provider and persuade users to grant account access to their fake app through OAuth. Many users are accustomed to spotting phishing emails and would instantly be suspicious of less sophisticated messages, but these requests appear to come from a trusted source and once they have been accepted, they even redirect the user to the service provider’s actual website.
The whole attack appears real and authorised, by Google or any other service provider used. Once a user has accepted the permission requests of a fake app, the hacker has access to their account and can spread to others such as accounting or cloud storage. OAuth works by bypassing the need for a password so if the user catches on and resets theirs, the hacker still has control. These attacks can be difficult to spot, but there are some signs to monitor for:
1. Suspicious email Addresses
Even if an email appears legitimate, you should always check the sender’s email address to make sure. Often, hackers are given away by the domain name in the email address provided. Look for what comes after the @ symbol and compare it to a legitimate email you’ve received from the provider in the past if you’re unsure. Some email addresses do appear real even when the message is malicious, so be sure to check the full email header.
2. Language
You probably know to do this already when dealing with ordinary phishing emails, but you should closely inspect the language within the message for spelling and grammatical errors. Legitimate corporations will not make these kinds of mistakes within their correspondence.
3. Amount Of Access Requested
Your last chance to notice a scam is by checking the permission requests. Don’t agree to anything before you’ve looked closely at what the app is requesting access to. Trusted apps often seek access to things like contacts, but they don’t usually ask for full access or administrative rights. Deny access if something doesn’t seem right and you’ll stay safe against OAuth attacks.
A rise in OAuth phishing attacks is a worrying prospect but if you understand how they work and know what to look out for, you can avoid them. Read this guide carefully and pass on the information within to employees and colleagues to ensure that your business stays secure.
You Might Also Like: 5 Best Data Recovery Apps And Softwares