This feature may not have prevented this week’s attack, however, as that attack involved a malicious and fake “Google Docs” app that was hosted on Google’s own domain.
However, the additional security protection is a step in the right direction, given how many users access Gmail on mobile, and the increasing sophistication of these phishing attacks that can even fool fairly tech-savvy individuals.
In this week’s attack, for example, you would have received an email from a known contact who said they were sharing a document with you. When you clicked to open the document, you’d be taken to an innocent-looking web page hosted by Google. The page wouldn’t even prompt you for your password, but instead listed all your Google accounts ready to be clicked.
You would be asked to give an app named “Google Docs” account permissions – but it wasn’t the real Google Docs. And once it had access, the worm began spreading to everyone in your contacts list.
The new phishing protection in the Gmail app for Android relies on Google’s Safe Browsing technology, which can warn web users if they’re about to visit a page that’s impersonating a legitimate website, like a bank, online store, or any other site trying to trick you into sharing your username and password information.
In Gmail, if you click on a suspicious link in your email message, the app will display a warning messaging that reads:
The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal or other sensitive information.
It then informs you that if you choose to proceed to the site, you do so at your own risk.
It doesn’t seem likely that the recent phishing attack would have been flagged by this system at the time of its occurrence, as it was a hosted app on Google’s own domain.
Google said on Wednesday it had taken action against the phishing attack that had affected Gmail and Google Docs users. It disabled the offending accounts. removed the fake pages, and pushed updates through Safe Browsing and its abuse team. The company also requested users to report any suspect phishing emails in Gmail.
Google officially just took the wraps off of Android Oreo, but there are still some questions left to be answered — most notably, precisely when each device will be getting the latest version of the mobile operating system. Due to Android’s openness and a variety of different factors on the manufacturing side, it’s not an easy question to answer, but we’ll break it down best we can.
6 years, 3 months ago
Google has thrown more than 40 apps out of its Play store after it emerged they were quietly forcing Android users to click on ads. As the apps been downloaded as many as 36 million times, security researchers said it appeared to be the biggest ever case of ad fraud perpetrated via Google Play and probably the most successful malware in terms of installs from the official store.
6 years, 6 months ago
Want to run Android, but don't want to buy a smartphone, tablet or Android TV device? Then this may be the answer to your prayers: Google has teamed up with Huawei to deliver the HiKey 960, a Raspberry Pi style computer board that runs Android.
6 years, 7 months ago