InfoSec Blog - OAuth Authentication Phishing - BEWARE!!! (UPDATED)
May 12, 2017
A new Google Docs app phishing scam made big news last week. This new email phishing scheme abuses OAuth authorization, an open standard for granting access to websites and services such as Google and Twitter. OAuth has been widely used by third-party websites and applications to access a user's account information without the user's password. By simply enticing a user to install a malicious app, a hacker could gain full access to that user's account.
How This Attack Works
If the targeted user clicks on the button inside the email message to install the app, and then agrees to the requested access, they are hacked!!!
This phishing scheme does not ask users to provide their credentials, as typical phishing emails do, but instead tricks users into granting access through the malicious app. Even tech-savvy users can be fooled by this OAuth abuse trick. Once compromised, the hackers have full access to the account until the victim manually removes the application from their account.
Tips to protect yourself:
Use caution when clicking on links inside email messages
Only grant the account access an application actually needs, and only to third-party applications obtained from legitimate, verified websites
Revoke access for unrecognized or unauthorized apps connected to your account. For Google and Yahoo, this can be done by reviewing the email account's security settings and revoking access where necessary.
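The last two tips amount to a review of every third-party app connected to an account: which scopes it holds, whether it is one you recognize, and when it was granted. The script below is an added example, not code from the original post or from Google or Yahoo; it runs the same review over a constructed list of grants. The grant record shape, the scope names, the approved-client list and the risk rules are all assumptions for illustration and do not match any provider's real security page or audit log format.

```python
"""Audit the third-party OAuth grants on an account and flag the ones worth
revoking.  Added example; the grant records, scope names and approved-client
list are constructed and do not reflect any real provider's data format."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Scopes that hand an app broad control of the account.  Names are assumed,
# chosen to resemble the full-mailbox and contacts permissions a consent
# screen would show.
HIGH_RISK_SCOPES = {
    "mail.readwrite": "read, send and delete email",
    "mail.read": "read all email",
    "contacts.read": "read all contacts",
    "account.full": "full account access",
}

# Apps the organization has vetted; any other app holding a high-risk scope
# is treated as suspect.  Constructed for the example.
APPROVED_CLIENTS = {"client-calendar-sync-001", "client-crm-connector-002"}

# Vendor names a malicious third-party app would borrow to look first-party.
FIRST_PARTY_PREFIXES = ("google ", "yahoo ")


@dataclass
class Grant:
    """One third-party app connected to the account (constructed shape)."""
    client_id: str
    app_name: str
    scopes: list
    granted_at: datetime


def assess_grant(grant, now, recent=timedelta(days=7)):
    """Return the risk findings for one grant (an empty list means no concern)."""
    findings = []
    if grant.client_id in APPROVED_CLIENTS:
        return findings  # vetted app: its scopes were reviewed at approval time
    risky = [s for s in grant.scopes if s in HIGH_RISK_SCOPES]
    if risky:
        findings.append(
            "unvetted app holds " + ", ".join(HIGH_RISK_SCOPES[s] for s in risky))
    if now - grant.granted_at <= recent:
        findings.append("granted within the last %d days" % recent.days)
    # Name collision with a first-party product is the classic lure: the
    # malicious app in the Google Docs scam was itself named "Google Docs".
    if grant.app_name.lower().startswith(FIRST_PARTY_PREFIXES):
        findings.append("third-party app using a first-party product name")
    return findings


def audit(grants, now):
    """Map each client_id that should be revoked to its list of findings."""
    to_revoke = {}
    for g in grants:
        findings = assess_grant(g, now)
        if findings:
            to_revoke[g.client_id] = findings
    return to_revoke


# Constructed sample: the connected-apps list as of the day of the post.
NOW = datetime(2017, 5, 12, 9, 0, 0)
SAMPLE_GRANTS = [
    Grant("client-calendar-sync-001", "Calendar Sync", ["calendar.read"],
          NOW - timedelta(days=400)),
    Grant("client-crm-connector-002", "CRM Connector", ["contacts.read", "mail.read"],
          NOW - timedelta(days=90)),
    Grant("client-x7f2q", "Google Docs", ["mail.readwrite", "contacts.read"],
          NOW - timedelta(hours=3)),
    Grant("client-notes-9", "Notes Helper", ["profile.basic"],
          NOW - timedelta(days=30)),
]

if __name__ == "__main__":
    for client_id, findings in audit(SAMPLE_GRANTS, NOW).items():
        print("REVOKE", client_id)
        for f in findings:
            print("  -", f)
```

Only the lookalike "Google Docs" grant is flagged: it is unvetted, holds full mailbox and contacts access, was granted hours ago, and carries a first-party name. The vetted CRM connector holds the same broad scopes but passes because it was reviewed when it was approved, which is the distinction the second tip draws between necessary and unnecessary access.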
Update - July 19, 2017 - Google is adding additional security functionality to combat this type of threat in the future. You can read more about the additional security measures at http://www.zdnet.com/article/google-more-security-prevent-another-docs-phishing-attack/.
Written by: Hanna Guan (Cyber Security Analyst, Information Security)