The Google Docs spam attacks played off Google’s most fundamental weakness

If you saw a Google Docs email from someone you knew, you’d open it, right? And if, having clicked through, Google asked you to log in again, would you think something was wrong?
For countless Gmail users, the answer was no. Yesterday, a sophisticated phishing attackswept through the network, masquerading as a Google Docs permission request. Every time someone followed the prompts, the app would gain access to the user’s contact list and blast out a new round of emails, causing a ripple effect of compromised accounts. According to Google, the attack affected less than 0.1 percent of Gmail users, but that’s still as many as 1 million people. And while the scheme can look simple, it was actually a string of linked spoofs, each made possible by Google’s reassuring presence on a fundamentally open system, and raising serious questions about how the company structures its products. [Read more here...]


Popular posts from this blog

Registering a single web address may have stopped a global malware attack

How to Accidentally Stop a Global Cyber Attacks

The NSA’s leaked Windows hack caused more damage than just WannaCry