On May 3rd, a phishing campaign sent emails to many corporate Google accounts. The emails contained a fake Google Docs link that asked the recipient to grant permissions. When the recipient granted permission, the attack began sending out similar messages to the user’s contact list.
Google took remediation actions; however, a similar attack could still happen again. The underlying mechanism for this attack was Google’s authentication standard, which is also used by many other popular websites, such as Facebook and Twitter.
Although this particular attack wasn’t malicious, it could have been, and similar campaigns can be used maliciously.
These types of campaigns serve to further legitimize regular security awareness training. It isn’t a matter of if, but when the next malicious attack occurs.
Don’t rely solely on technology – end users need to know the warning signs. Coordinate with your technology provider to set up security awareness training for your staff.