Google Caution. Phishing is a hacker technique that folds deceive the user to publish sensitive informationas passwords or credit card numbers. To this end, the pirate pretends to be an entity of trust, such as a bank or online service, and sends a fraudulent message containing a link to a malicious site. Once it is on this site, the user is asked to enter his personal data, which then the pirate restores.
But since this technique is well known and users are still suspected of suspicious news, the Pirates are constantly innovating to find new ways to capture their victims. And that’s exactly what Google has just revealed, which detected a particularly sophisticated phishing campaign focused on Gmail users.
- Google revealed a sophisticated phishing campaign focused on Gmail users organized by hackers with the Russian state.
- These hackers have used the passwords of specific applications (ASP) to access Gmail’s accounts about their goals using a legitimate Google feature.
Google warns of a new form of phishing…
According to the report published Group for news threats from GoogleThis phishing attack was led Hackers associated with the Russian state that used E-mail addresses Apparently legitimate US Foreign Ministry focused on high -level people such as diplomats, journalists or activists.
Their aim was to their Open a malicious PDF filewho triggered and Password request be able to consult it. Until then nothing very original. But where this attack is distinguished is that it uses legitimate functionality Google : Passwords specific to applications (A particular app for a password or asp).
ASP is generated by 16 -character codes accidentallythat allow Third -party application Access to your account GoogleWithout needing your main password. They are designed for applications and devices that do not support functions such as two steps (2SV).
… That uses passwords specific to applications (ASP)
In this attack, however Hackers managed to convince their goals Create ASP Open the PDF file and direct them to the official page Google Account. Then they asked them to send them a picture of this aspten to the pretext that it was password the document.
Actually Hackers used this ASP to access Gmail account their victims, so read their e -mail, consult their agenda and potentially steal others sensitive information.
This attack it shows that Hackers are able to use Phishing methods more and more sophisticated, which can deceive even the most informed. It is therefore necessary to remain vigilance Face in the face of messages that ask you to provide a password, especially if you don’t know the sender.
Here are some advice In order not to fall into the trap:
- Don’t create asp If you don’t need it. Google recommends using functionality Google Connect Connecting applications with your account because it is safer and easier to use.
- Never share asp with anyone. ASP is a personal code that allows the application to access your account. If someone asks you to send it, it’s probably a phishing attempt.
- Check the e -mail address of the sender. Hackers can usurp the identity of an online organization or service, but they cannot change the e -mail address. If the e -mail address does not match the sender name, it is probably a fraudulent message.
- To activate the verification of two steps (2SV) for your Google Account. 2SV adds another security layer that asks you to enter a code sent to your phone when you log in to your account from a new device.
If you think you have been sacrifice You can consult this phishing attack or other History to your account Google And cancel access to applications you don’t recognize. You can also Change your main password And your asp for greater security.
Phishing is a constant threat that can have serious consequences for your privacy and finance. By observing these tips you can reduce the risk of imprisonment hackers who swallow on the Internet.
(Tagstotranslate) Google (alphabet) (T) HACKES