One of two Nigerians who admitted to being part of a conspiracy to steal Attack.Databreach personal information from Vermont state employees and other U.S. residents was sentenced . Tuesday in Rutland federal court to time served , or 14 months in jail . Osariemen Isibor , 32 , pleaded guilty in U.S. District Court in March to conspiracy to commit wire fraud . Another man , Eneye Dania , 31 , also pleaded guilty in March to being part of the same conspiracy . Last week , Dania was sentenced to serve 17 months in jail . Dania has been held in jail for about 14 months . While Isibor 's prison sentence on the charge is complete and Dania 's will be soon , neither is expected to be released . Instead , both are expected to be turned over to the custody of Immigration and Customs Enforcement before being deported to Nigeria . According to court records , the goal of the conspiracy was “ fooling Attack.Phishing United States residents … into sending the logon information they used to access Attack.Databreach their IRS form W-2 data from their employer 's website to another website designed to look like Attack.Phishing their employer 's human resources page but actually operated by the conspiracy to collect this data ” . Once people entered their information into the fake website , the conspirators attempted to trick Attack.Phishing the IRS into sending tax refunds to the conspirators , but prosecutors said fraud detection controls put in place by the IRS “ caused most , if not all , such fraudulent tax returns to be rejected ” .

Google has stopped Wednesday ’ s clever email phishing scheme Attack.Phishing , but the attack may very well make a comeback . One security researcher has already managed to replicate it , even as Google is trying to protect users from such attacks . “ It looks exactly like Attack.Phishing the original spoof Attack.Phishing , ” said Matt Austin , director of security research at Contrast Security . The phishing scheme Attack.Phishing -- which may have circulated Attack.Phishing to 1 million Gmail users -- is particularly effective because it fooled Attack.Phishing users with a dummy app that looked like Attack.Phishing Google Docs . Recipients who received Attack.Phishing the email were invited to click a blue box that said “ Open in Docs. ” Those who did were brought to an actual Google account page that asks them to handover Gmail access to the dummy app . While fooling Attack.Phishing users with spoofed emails is nothing new , Wednesday ’ s attack involved an actual third-party app made with real Google processes . The company ’ s developer platform can enable anyone to create web-based apps . In this case , the culprit chose to name the app “ Google Docs ” in an effort to trick Attack.Phishing users . The search company has shut down the attack by removing the app . It ’ s also barred other developers from using “ Google ” in naming their third-party apps . More traditional phishing email schemes Attack.Phishing can strike by tricking Attack.Phishing users into giving up their login credentials . However , Wednesday ’ s attack takes a different approach and abuses what ’ s known as the OAuth protocol , a convenient way for internet accounts to link with third-party applications . Through OAuth , users don ’ t have to hand over any password information . They instead grant permission so that one third-party app can connect to their internet account , at say , Google , Facebook or Twitter . But like any technology , OAuth can be exploited . Back in 2011 , one developer even warned that the protocol could be used in a phishing attack Attack.Phishing with apps that impersonate Attack.Phishing Google services . Nevertheless , OAuth has become a popular standard used across IT . CloudLock has found that over 276,000 apps use the protocol through services like Google , Facebook and Microsoft Office 365 . For instance , the dummy Google Docs app was registered to a developer at eugene.pupov @ gmail.com -- a red flag that the product wasn ’ t real . However , the dummy app still managed to fool Attack.Phishing users because Google ’ s own account permission page never plainly listed the developer ’ s information , unless the user clicks the page to find out , Parecki said . “ I was surprised Google didn ’ t show much identifying information with these apps , ” he said . “ It ’ s a great example of what can go wrong. ” Rather than hide those details , all of it should be shown to users , Parecki said . Austin agreed , and said apps that ask for permission to Gmail should include a more blatant warning over what the user is handing over . “ I ’ m not on the OAuth hate bandwagon yet . I do see it as valuable , ” Austin said . “ But there are some risks with it. ” Fortunately , Google was able to quickly foil Wednesday ’ s attack , and is introducing “ anti-abuse systems ” to prevent it from happening again . Users who might have been affected can do a Google security checkup to review what apps are connected to their accounts . The company ’ s Gmail Android app is also introducing a new security feature to warn users about possible phishing attempts Attack.Phishing . It 's tempting Attack.Phishing to install apps and assume they 're safe . But users and businesses need to be careful when linking accounts to third-party apps , which might be asking for more access than they need , Cloudlock 's Kaya said . `` Hackers have a headstart exploiting this attack , '' she said . `` All companies need to be thinking about this . ''

But sometimes that simple precaution is n't enough . A case in point is a dangerous phishing technique targeting Gmail users that first surfaced about one year ago but has begun gaining steam in recent weeks . Wordfence , the maker of a security plugin for Wordpress , described the phishing attack Attack.Phishing as beginning with an adversary sending Attack.Phishing an email to a target ’ s Gmail account . The email typically will originate from someone on the recipient ’ s contact list whose own account had previously been compromised . The email comes with a subject header and a screenshot or image of an attachment that the sender has used in a recent communication with the recipient . When the recipient clicks on the image , a new tab opens with a prompt asking the user to sign into Gmail again . The fully functional phishing page is designed to look exactly like Attack.Phishing Google ’ s page for signing into Gmail . The address bar for the page includes mention of accounts.google.com , leading unwary users to believe the page is harmless , Wordfence CEO Mark Maunder wrote . `` Once you complete sign-in , your account has been compromised , '' he said . In reality , the fake login page that opens up Attack.Phishing when a user clicks on the image is actually an inline file created using a scheme called Data URI . When users enter their Gmail username and password on the page , the data is sent to the attacker . The speed at which the attackers sign into a compromised account suggest that the process may be automated , or that they may have a team standing by to access accounts as they get compromised . `` Once they have access to your account , the attacker also has full access to all your emails including sent and received at this point and may download the whole lot , '' Maunder said . What makes the phishing technique dangerous is the way the address bar displays Attack.Phishing information when users click on the screenshot of the attachment , he told Dark Reading . In this case , by including the correct host name and “ https// ” in the address bar , the attackers appear to be Attack.Phishing having more success fooling Attack.Phishing victims into entering their credential data on the fake Gmail login page , he says . Instead , all of the content in the address bar is of the same color and is designed to convince users that the site is harmless . `` If you aren ’ t paying close attention , you will ignore the ‘ data : text/html ’ preamble and assume the URL is safe . '' Google said in a statement that it 's working on mitigations to such an attack . `` We 're aware of this issue and continue to strengthen our defenses against it , '' Google said . `` We help protect users from phishing attacks Attack.Phishing in a variety of ways , including : machine learning based detection of phishing messages , Safe Browsing warnings that notify users of dangerous links in emails and browsers , preventing suspicious account sign-ins , and more . Users can also activate two-step verification for additional account protection . '' Users can also mitigate the risk of their accounts being compromised via phishing Attack.Phishing by enabling two-factor authentication . `` What makes this unique is the fact that none of the traditional browser indicators that would identify a possible fraudulent site are present , '' says Robert Capps , vice president of business development at NuData Security . The attack underscores the need for Web browser makers to rethink the trust signals they use to inform users about a danger webpage or exploit . `` How users interpret these signals should be thoroughly understood , '' he says . `` Entraining users to rely on signals may have unintended consequences that attackers can use to exploit customers .