Beware of the new online scam that might attack your email inbox sooner than you could ever imagine.
It's called "spear phishing" campaign originating from China and is a form of fraud that seems to come from a co-worker or a friend or family member.
It tricks you into sending personal information to someone you trust. But you are really sending it to someone you don't even know.
Recently, Google has disclosed that the Gmail accounts of several users were recently infiltrated by hackers who used spear-phishing techniques to gain access to and monitor their private correspondence. While the attacks were apparently limited to only a few hundred accounts, the individuals targeted include government officials, journalists and Chinese human rights workers. The FBI is investigating.
Sounding the Alarm
Google alerted users in a blog post detailing the account intrusion and providing information on how to stay secure in the future.
The company stated it's notified victims and relevant government authorities and has secured the accounts in question.
Google believes the scam originated in Jinan, China, a little more than a year after a similar hijacking scam originated in that country. In that case, several human rights activists were targeted.
The first attack factored into Google's decision to cease its agreement to censor certain search results in China, and the company pulled its servers out of the country.
This time the attack is larger, but unlike the previous intrusion, Google's servers weren't accessed in this instance. Instead, the hackers apparently used social Reach More Customers with Live Chat - Free Whitepaper engineering to break into the accounts.
Google declined to discuss how this would affect its already rocky relationship with China.
"We won't be commenting on speculation," Christine Chen, senior manager of global communications and public Affairs for google, told TechNewsWorld.
Bugged Room
The goal of this effort, according to Google seems to have been to monitor the contents of the victims' email. The perpetrators apparently used stolen passwords to change the accounts' forwarding and delegation settings.
That was made possible through a technique calls "spear phishing," a highly focused type of attack that uses personal information to trick the recipient into believing the message comes from a trusted sender.
"Spear phishing is phishing where the message is aimed at a specific individual and contains information particular to that individual to make the message seem authentic," Tom Berson, founder of Anagram Labs and an expert in cyberattacks, told TechNewsWorld.
For example, a phishing attack might send a message that reads "Your bank account at Acme Bank is about to expire, click here to restore your information."
To even a casual computer user, this type of attack is fairly obvious and doesn't present much of a threat.
A spear phishing attack, however, would attempt to gain the victim's trust by using personal information the attacker already knows. A message from a spear phisher regarding banking information would use the recipient's bank name, bank account number, credit information, or other personal material, giving someone much more reason to believe the message is legitimate.
Increased Security for Users
To up security on Gmail accounts, Google has implemented "two-step authentication," which asks users to enter not only their passwords, but also a pin generated by their mobile phone.
It's one step closer to safety, but experts warn that cyberwarfare is becoming more prevalent, and technology users need to stay vigilant.
"No matter where you live or work, the Internet puts every criminal in the world less than a second from your house or office. Be skeptical about the authenticity of all Internet communication. Slow down and think. If a message makes you think twice, ignore it, or seek independent confirmation," said Berson.
- Source
It's called "spear phishing" campaign originating from China and is a form of fraud that seems to come from a co-worker or a friend or family member.
It tricks you into sending personal information to someone you trust. But you are really sending it to someone you don't even know.
Recently, Google has disclosed that the Gmail accounts of several users were recently infiltrated by hackers who used spear-phishing techniques to gain access to and monitor their private correspondence. While the attacks were apparently limited to only a few hundred accounts, the individuals targeted include government officials, journalists and Chinese human rights workers. The FBI is investigating.
Sounding the Alarm
Google alerted users in a blog post detailing the account intrusion and providing information on how to stay secure in the future.
The company stated it's notified victims and relevant government authorities and has secured the accounts in question.
Google believes the scam originated in Jinan, China, a little more than a year after a similar hijacking scam originated in that country. In that case, several human rights activists were targeted.
The first attack factored into Google's decision to cease its agreement to censor certain search results in China, and the company pulled its servers out of the country.
This time the attack is larger, but unlike the previous intrusion, Google's servers weren't accessed in this instance. Instead, the hackers apparently used social Reach More Customers with Live Chat - Free Whitepaper engineering to break into the accounts.
Google declined to discuss how this would affect its already rocky relationship with China.
"We won't be commenting on speculation," Christine Chen, senior manager of global communications and public Affairs for google, told TechNewsWorld.
Bugged Room
The goal of this effort, according to Google seems to have been to monitor the contents of the victims' email. The perpetrators apparently used stolen passwords to change the accounts' forwarding and delegation settings.
That was made possible through a technique calls "spear phishing," a highly focused type of attack that uses personal information to trick the recipient into believing the message comes from a trusted sender.
"Spear phishing is phishing where the message is aimed at a specific individual and contains information particular to that individual to make the message seem authentic," Tom Berson, founder of Anagram Labs and an expert in cyberattacks, told TechNewsWorld.
For example, a phishing attack might send a message that reads "Your bank account at Acme Bank is about to expire, click here to restore your information."
To even a casual computer user, this type of attack is fairly obvious and doesn't present much of a threat.
A spear phishing attack, however, would attempt to gain the victim's trust by using personal information the attacker already knows. A message from a spear phisher regarding banking information would use the recipient's bank name, bank account number, credit information, or other personal material, giving someone much more reason to believe the message is legitimate.
Increased Security for Users
To up security on Gmail accounts, Google has implemented "two-step authentication," which asks users to enter not only their passwords, but also a pin generated by their mobile phone.
It's one step closer to safety, but experts warn that cyberwarfare is becoming more prevalent, and technology users need to stay vigilant.
"No matter where you live or work, the Internet puts every criminal in the world less than a second from your house or office. Be skeptical about the authenticity of all Internet communication. Slow down and think. If a message makes you think twice, ignore it, or seek independent confirmation," said Berson.
- Source
0 comments:
Post a Comment