Hi! Welcome Back and Stay Tune! Protecting you against phishing - Mukah Pages : Media Marketing Make Easy With 24/7 Auto-Post System. Find Out How It Was Done!

Header Ads

Protecting you against phishing

As many email users know, phishing attacks—or emails that impersonate a trusted source to trick users into sharing information—are a pervasive problem. If you use Gmail, you can rest assured that every day, millions of phishing emails are blocked from ever reaching your inbox.

This week, we defended against an email phishing campaign that tricked some of our users into inadvertently granting access to their contact information, with the intent to spread more phishing emails. We took quick action to revoke all access granted to the attacker as well as steps to reduce and prevent harm from future variants of this type of attack.

Here’s some background to help you understand how the campaign worked, how we addressed it and how you can better protect yourself against attacks.

How the campaign worked and how we addressed it

Victims of this attack received an email that appeared to be an invite to a Google Doc from one of their contacts. When users clicked the link in the attacker’s email, it directed them to the attacker’s application, which requested access to the user’s account under the false pretense of gaining access to the Google Doc. If the user authorized access to the application (through a mechanism called OAuth), it used the user's contact list to send the same message to more people.

Upon detecting this issue, we immediately responded with a combination of automatic and manual actions that ended this campaign within an hour. We removed fake pages and applications, and pushed user-protection updates through Safe Browsing, Gmail, Google Cloud Platform, and other counter-abuse systems. Fewer than 0.1% of our users were affected by this attack, and we have taken steps to re-secure affected accounts.

We protect our users from phishing attacks in a number of ways, including:

  • Using machine learning-based detection of spam and phishing messages, which has contributed to 99.9% accuracy in spam detection
  • Providing Safe Browsing warnings about dangerous links, within Gmail and across more than 2 billion browsers
  • Preventing suspicious account sign-ins through dynamic, risk-based challenges
  • Scanning email attachments for malware and other dangerous payloads 

In addition, we’re taking multiple steps to combat this type of attack in the future, including updating our policies and enforcement on OAuth applications, updating our anti-spam systems to help prevent campaigns like this one, and augmenting monitoring of suspicious third-party apps that request information from our users.

How users can protect themselves

We’re committed to keeping your Google Account safe, and have layers of defense in place to guard against sophisticated attacks of all types, from anti-hijacking systems detecting unusual behavior, to machine learning models that block malicious content, to protection measures in Chrome and through Safe Browsing that guard against visiting suspicious sites. In addition, here are a few ways users can further protect themselves:

How G Suite admins can protect their users 

We’ve separately notified G Suite customers whose users were tricked into granting OAuth access. While no further admin or user action is required for this incident, if you are a G Suite admin, consider the following best practices to generally improve security:

Here is a list of more tips and tools to help you stay secure on the web.


✍ Sumber Pautan : ☕ Google Cloud

Kredit kepada pemilik laman asal dan untuk meneruskan bacaan di laman asal sila klik link atau copy paste ke web server : http://ift.tt/2pOCbh1

(✿◠‿◠)✌ Mukah Pages : Pautan Viral Media Sensasi Tanpa Henti. Memuat-naik beraneka jenis artikel menarik setiap detik tanpa henti dari pelbagai sumber. Selamat membaca dan jangan lupa untuk 👍 Like & 💕 Share di media sosial anda!

No comments

Comments are welcome and encouraged on this site. Comments deemed to be spam or solely promotional will be deleted. Including link to relevant content is permitted, but comments should be relevant to the post topic.

Comments including profanity and containing language that could deemed offensive will also deleted. Please respectful toward other contributors. Thank you.