It is well known that Google's anti-spam filtering has a few loopholes, and cybercriminals are taking full advantage of them. This phishing campaign uses a message that users assume is a legitimate Gmail message; when the link is clicked, it redirects the user to a fake Google Drive page that asks them to enter their username and password. Unlike earlier attacks on Google users, this one has found a way to impersonate the appearance of Google's trusted SSL-protected pages.
The cloud security firm Elastica discovered the Google impersonators and indicated that this particular operation stands apart in how closely it simulates Google's apps. Aditya Sood, senior security researcher at Elastica, stated, “It was a very well-crafted attack. The hackers actually reconstructed the full attack channel, which was very impressive in this case.” In an update, Elastica said it had traced the domain registration for the fake Google page to the United Arab Emirates. The Elastica team discovered the fake page when one of its researchers received a link as part of the phishing campaign. Sood commented, “When we de-obfuscated that JavaScript we found HTML code in there, which was suspicious from a security perspective because Google is usually HTTPS. When we submitted dummy information into the HTML page, we were eventually redirected to a page that wasn’t the Google server… When you submitted a form you’d be redirected to a PDF document, which was very strange.”
Secure Sockets Layer (SSL) encryption is the same transport encryption used across many sectors, including banks, email providers and other websites, to protect personal and sensitive data in transit. When a user logs in to Google Drive or Gmail, Google encrypts the username and password so that only Google and the user can read them. In this case the hackers have emulated what appears to be the Google login page, right down to the HTTPS URL and the browser lock icon, which gives users a false sense of safety. Once they log in, the username and password are captured by the cybercriminals without the user being aware of what has happened.
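The page described above looked like an HTTPS Google page but sent the submitted form somewhere other than Google's servers. As an added example (not from the article or from Elastica), the following Python check parses a saved copy of a suspected sign-in page and flags any password form whose action resolves to a non-Google host or to plain HTTP; the allowed host list and the sample page are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hosts allowed to receive Google credentials (an assumption for this example).
ALLOWED_SUFFIXES = ("google.com",)

class FormCollector(HTMLParser):
    """Record each form's action URL and whether it contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def host_allowed(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def find_suspicious_forms(page_url, html):
    """Return (resolved_action, reason) for each password form that posts over plain HTTP or outside ALLOWED_SUFFIXES."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not form["has_password"]:
            continue
        target = urljoin(page_url, form["action"])  # empty action = the page itself
        parts = urlsplit(target)
        if parts.scheme != "https":
            findings.append((target, "submits over plain HTTP"))
        elif not host_allowed(parts.hostname or ""):
            findings.append((target, "submits to a non-Google host"))
    return findings

# Constructed sample: a look-alike Drive sign-in page whose credential form posts elsewhere.
SAMPLE_URL = "https://drive-share.example/login"
SAMPLE_HTML = """<form action="https://collector.example/post.php" method="post">
<input name="email" type="text"><input name="passwd" type="password"></form>
<form action="/search"><input name="q" type="text"></form>"""
```

Running `find_suspicious_forms(SAMPLE_URL, SAMPLE_HTML)` reports the credential form and ignores the harmless search form; the check looks at where the data actually goes rather than at the lock icon.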
It is not yet known how many Gmail users were affected by the attack, but it appears to have been designed for maximum impact across the more than 900 million Gmail account holders. For comparison, as of 2014 there were 273 million Yahoo Mail users and 500-600 million users of Microsoft Outlook mail.
Sharon Knowles, CEO of Da Vinci Forensics says:
Da Vinci Forensics is constantly maintaining alerts and information for our clients and the general public on the various forms of cybercrimes. As the criminals become more sophisticated, so will their attacks and we work diligently to attempt to assist in the protection of proprietary and personal information.
Google put out a statement, “We’re constantly working to protect people from phishing scams through a combination of automated systems, in-product warnings, and user education. We’re aware of this particular issue and taking the appropriate steps.”