“Phishing” is a part of the 21st-century web. As anyone who’s used Facebook can testify, users plainly can and do fall for fake links, sites, or applications that then take over all or a portion of their account. When it comes to a normal email account or Facebook profile, phishing serves primarily as an annoyance; users may temporarily lose access to their account and the fake link may be propagated through their profile. But a recent phishing attack in Google’s Gmail contains a much greater threat thanks to the targets in question: U.S. officials, U.S. military leaders, Chinese human rights activists, Asian military officials, and journalists.
These attacks seem to be using an approach known as “spear phishing,” wherein the users receive a highly personalized message that contains images that are virtually identical to those found on the actual Gmail servers. Once a user falls for a single phishing attempt, the phishing group can then use the information they find in the user’s inbox to further personalize messages. Beyond scoping for personal information, phishers created forwarding rules that sent a copy of all incoming mail to an external address.
Exactly what information was compromised is uncertain, but it is thought that the attacks originated from Jinan, China. The set of targets as well as the general point of origin call back to the January 2010 attacks on the Gmail accounts of Chinese human rights activists. That attack, rather than using advanced phishing techniques, exploited Google security holes. The attacks on Google accounts was cited as one of the reasons for Google leaving China.
In Google’s statement on the attack, a representative stated, “Google detected and has disrupted this campaign to take users’passwords and monitor their emails. Company officials have alerted the victims and […] relevant government authorities.” Google then provides suggestions for avoiding such phishing attempts, which (beyond approaching any messages with a skeptical eye) includes improving password strength, using 2-step verification, Google Chrome security features, and the Google-provided warning labels on suspicious emails.
[via The Register]
