Do you use Gmail? Are you a fan of Google Drive? How about Google Docs? Considering that there are a staggering 900 million Gmail users (and that number climbs each day) chances are you probably do have, or will have a Google account one day. And why not? Google has a reputation for being well supported, it’s convenient, and as far as you know, if your password is a strong one, then it should be a pretty solid place to store information. And that’s just the thing hackers, hungry for your “secure” information, are counting on.
Going Phishin’ in the Google Cloud
Security firm Elastica has just uncovered a new phishing campaign out of the Middle East that goes something like this: Hackers send out a phishing email that spoofs a real Google email which goes undetected by Google’s own anti-spam measures. The message in the email directs the target to a fake Google Drive page where the user is prompted to enter in his or her login credentials. Once the hacker has a victim’s login credentials in hand, he or she can do whatever they like with the docs, emails and anything else stored on the Google cloud.
Pulling this off isn’t as easy as it sounds though. In order to bypass Google’s anti-spam, the hackers needed to fake Google’s SSL certificates. For the uninitiated, secure socket layer certificates are extra layers of encrypted code which allow for secure connections from web server to web browser, which is supposed to protect all the information being transmitted at that time. SSL certificates are what you use to make “secure” transactions everywhere on the web, from your bank to Amazon to PayPal. You’ll know you’re using an SSL certificate when you go to place a transaction and instead of seeing “ http//:…” in your browser it displays as” https//:…” with a padlock icon in front of the address.
This is not the first or second time Google has been the target of such attacks. In 2011 a Dutch SSL provider, DigiNotar, discovered that fake Google SSL certificates had been issued after a hack of that provider in June of that year. And then again in March of this year Google issued a statement that there were sites using fraudulent SSL certificates in their name. Each time Google worked feverishly to protect their users but for every fake Google certificate created there are untold numbers of faked certificates that are not noticed or only get noticed once sensitive data has been stolen.
As of two weeks ago the pages were still alive and kickin’. Elastica did notify Google who said they were dealing with the problem and working on a solution. But like we saw above this isn’t the first time this has happened and Google isn’t the only one being targeted.
So what’s the take home here?
Trust no one – The internet is full of phishing, malware and spammers, just waiting for some unsuspecting person to click an infected link in an email.
Read each and every email with a grain of salt. Just because it an email says it’s from someone you know, that may not be the case at all.
Most importantly, keep your thinking cap on while you surf the internet. If something seems suspicious, like a strange URL that just seems too long or if all of the sudden your homepage looks a tad different than it did yesterday, don’t turn a blind eye. Inspect it and if need be, find an email address for a contact at the site and alert them of a possible spoof. It may seem like a drastic move but it’s one that could save untold amounts of heartache. It’s a jungle out there so be vigilant and forewarned.
Your secure data will thank you.