InfoSec Blog - OAUTH Authentication Phishing - BEWARE!!! (UPDATED)

Phishing

May 12, 2017

A new "Google Docs" app phishing scam made big news last week. This new scheme of email phishing abuses OAuth authentication, an open standard for granting access to websites and services such as Google and Twitter. OAuth has been widely used by third-party websites and applications to access a user's account information without that user's password. By simply enticing a user to install a malicious app, a hacker can gain full access to that user's account.


How This Attack Works

If the targeted user clicks on the button inside the email message to install the app, and then agrees to the requested access, they are hacked!!!  

Screen Capture of Phishing Email

Screenshot of application install

Screenshot of permission dialog box


This phishing scheme does not ask users to provide their credentials, as typical phishing emails do, but instead tricks users into granting access through the malicious app. Even tech-savvy users can be fooled by this OAuth abuse trick. Once compromised, the hackers have full access to the account until the victim manually removes the application from their account.
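Because the grant persists until the app is removed, the defensive check that matters most is an audit of which third-party apps already hold access. The script below is an added example, not code from the original post: it reads a constructed export of OAuth consent grants (the line format is hypothetical, but the scope identifiers are Google's published ones) and flags any app that holds full mail or contacts access or is registered under the name of the provider's own product, as the "Google Docs" app in this scam was.

```python
"""Audit OAuth consent grants for over-broad scopes and look-alike app names.

Added example (not from the original post). The export format and the
sample records are constructed for this example; the scope URIs are
Google's published OAuth scope identifiers.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Scopes that give an app full read/write access to mail or contacts.
# These are Google's published scope identifiers; other providers need their own list.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
}

# Product names a genuine third-party app would not be registered under.
# Heuristic list, constructed for this example.
PROVIDER_PRODUCT_NAMES = {"google docs", "google drive", "gmail"}


@dataclass
class Grant:
    timestamp: str
    user: str
    app_name: str
    scopes: List[str]


@dataclass
class Finding:
    user: str
    app_name: str
    reasons: List[str]


def parse_grant_line(line: str) -> Grant:
    """Parse one record of the constructed export format:
    <timestamp>,<user>,<app name>,<space-separated scopes>"""
    parts = line.strip().split(",", 3)
    if len(parts) != 4:
        raise ValueError(f"malformed grant record: {line!r}")
    timestamp, user, app_name, scopes = parts
    return Grant(timestamp, user, app_name, scopes.split())


def assess_grant(grant: Grant) -> List[str]:
    """Return the reasons a grant deserves review (empty list if none)."""
    reasons = []
    risky = sorted(set(grant.scopes) & HIGH_RISK_SCOPES)
    if risky:
        reasons.append("full mail/contacts access: " + ", ".join(risky))
    if grant.app_name.strip().lower() in PROVIDER_PRODUCT_NAMES:
        reasons.append(
            f"third-party app named after provider product: {grant.app_name!r}"
        )
    return reasons


def audit_grants(lines: Iterable[str]) -> List[Finding]:
    """Run assess_grant over every non-empty export line and collect findings."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        grant = parse_grant_line(line)
        reasons = assess_grant(grant)
        if reasons:
            findings.append(Finding(grant.user, grant.app_name, reasons))
    return findings


# Constructed sample export: the first record mirrors the consent the scam
# asked for (full mail plus contacts, under the name "Google Docs").
SAMPLE_EXPORT = """\
2017-05-03T14:02:11Z,alice@example.com,Google Docs,https://mail.google.com/ https://www.googleapis.com/auth/contacts
2017-05-03T15:10:42Z,bob@example.com,Calendar Sync Tool,https://www.googleapis.com/auth/calendar.readonly
2017-05-04T09:31:05Z,carol@example.com,Mail Backup,https://mail.google.com/
"""

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_EXPORT.splitlines()):
        print(finding.user, finding.app_name)
        for reason in finding.reasons:
            print("  -", reason)
```

Run against the sample, it reports alice's grant on both counts (full mail and contacts access, and a third-party app calling itself "Google Docs") and carol's on the scope alone; bob's read-only calendar grant is left out. A real audit would feed it the consent or token log of the identity provider in use and revoke the flagged grants.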


Tips to protect yourself:


Update - July 19, 2017 - Google is adding security functionality to combat this type of threat in the future. You can read more about the additional security measures at http://www.zdnet.com/article/google-more-security-prevent-another-docs-phishing-attack/.


Written by: Hanna Guan (Cyber Security Analyst, Information Security)