internal corporate travel and expenses systems to steal personal details from the victims they target. While cybercriminals using the lure of fake travel itineraries to dupe staff working in sectors reliant on shipping goods or employee travel isn't new, researchers have uncovered a particularly advanced phishing attack. Discovered by cybersecurity researchers at Barracuda Networks, this airline phishing attack uses a variety of techniques to capture sensitive data from victims and deploy an advanced persistent threat.

The email from the attacker impersonates a travel agency or an employee in the target's own HR or finance department. The email's subject line claims it's a forwarded message about a flight confirmation, stating the airline, the destination, and the price of the flight. All three of these elements are carefully researched by the attackers, who select them specifically according to the target, in order to make the email look legitimate in the context of the company and the email recipient. Taking the time to tailor phishing emails in this way works: these messages are opened 90 percent of the time, one of the highest success rates for phishing attacks, according to Barracuda.

Once opened, the email presents the target with an attachment in the form of a PDF or Microsoft Word document. The attachment purports to be a flight confirmation or receipt but, of course, it's neither of these things. When the target opens the attachment, the malware runs immediately, dropping an advanced persistent threat into the network, and enabling the attacker to stealthily monitor the infected organisation, likely with the aim of conducting espionage and stealing data.
Another variant of this attack, instead of dropping malware to stealthily steal data, uses phishing links to directly take sensitive information from the victim. These phishing links are ultimately designed to trick the victim into supplying sensitive corporate credentials, which the attackers will then use to infiltrate the company network, databases, and emails in order to steal information.

Cybersecurity researchers warn that the combined use of impersonation, malware, and phishing is particularly dangerous because these methods complement one another, enabling the attacker to essentially gain control of the network. At this stage, the attackers can stealthily conduct espionage or even drop additional malware and ransomware. Sometimes it can be very difficult to identify a phishing email, but the likes of sandboxing and advanced persistent threat prevention combined with employee training and awareness can increase the chances of preventing attacks from compromising the network.
For almost six years, Google knew about the exact technique that someone used to trick around one million people into giving away access to their Google accounts to hackers on Wednesday. Even more worrisome: other hackers might have known about this technique as well.

On October 4, 2011, a researcher speculated in a mailing list that hackers could trick users into giving them access to their accounts by simply posing as a trustworthy app. This attack, the researcher argued in the message, hinges on creating a malicious application and registering it on the OAuth service under a name like "Google," exploiting the trust that users have in the OAuth authorization process.

OAuth is a standard that allows users to grant websites or applications access to their online email and social networking accounts, or parts of their accounts, without giving up their passwords. It is commonly used throughout the web, and typically shows up as a menu that lets you select which of your personal accounts (such as your Google or Facebook account) you want to use to sign into or connect to another service.

If that sounds really familiar, it is because that's pretty much exactly how someone tricked around one million people into giving up full access to their Google accounts to a malicious app named "Google Doc." The viral "dynamite phishing" scheme ripped through the internet on Wednesday for around an hour before Google shut down the malicious app and its infrastructure. (We're calling it "dynamite phishing" because it's basically the digital equivalent of the real thing—a way to catch a bunch of users with a single blast.)

As it turns out, DeMarre claims he warned Google directly about this vulnerability in 2012, and suggested that Google address it by checking to ensure the name of any given app matched the URL of the company behind it. In a Hacker News post, DeMarre said he reported this attack vector back then, and got a "modest bounty" for it. "I'm a little surprised it has taken so long for a worm like this one to get attention," DeMarre told Motherboard.

A few months after he reported the issue, DeMarre said Google told him the following: "We're deploying some abuse detection and reactive measures to deal with impostors that might try to abuse this sort of attack. Given this, we do not intend to perform validation that the URL matches the branding information." DeMarre criticized Google's decision not to perform the URL validation, which was one of his suggestions to mitigate the risks.

The researcher also theorized this could be easily turned into a worm, foreshadowing this week's attack. "[If the] service is a social platform, the client app might distribute links using resource owners' accounts with the access tokens it has acquired, becoming a sort of worm," DeMarre wrote.

Fast forward five years, and someone mimicked DeMarre's technique, creating a malicious Google Doc app that tricked millions. A similar technique has also been previously used by the Russian hacking group known as APT28 or Fancy Bear. It's possible someone else used the same technique in the last five years, without getting caught.
The reason Wednesday's dynamite phishing campaign was caught and disabled quickly was because it spread so quickly and affected major media companies, which rapidly reported on the news. In effect, it was so extremely virulent that its success contributed to its downfall.
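
The mitigation DeMarre proposed, checking that an app's name matches the URL of the company behind it, can be sketched as a registration-time review. This is an added example, not code from the article, Google, or DeMarre; the brand-to-domain policy, the registration field names, and the sample registrations are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample policy: protected brand token -> domains its owner controls.
PROTECTED_BRANDS = {"google": {"google.com"}}

def normalize_name(name):
    """NFKC-fold, casefold, and drop everything except letters and digits,
    so full-width letters, spacing and zero-width characters do not hide a brand."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def host_in_domains(url, domains):
    """True only if the URL host equals an allowed domain or is a subdomain of it.
    A plain suffix test would wrongly accept hosts such as notgoogle.com."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def review_registration(app):
    """Return findings for one OAuth client registration (hypothetical dict shape).
    A registration whose display name contains a protected brand must keep its
    homepage and every redirect URI on that brand's own domains."""
    findings = []
    name = normalize_name(app["display_name"])
    urls = [app["homepage"], *app["redirect_uris"]]
    for brand, domains in PROTECTED_BRANDS.items():
        if brand not in name:  # substring match: noisy for short brand tokens
            continue
        mismatched = [u for u in urls if not host_in_domains(u, domains)]
        if mismatched:
            findings.append({"brand": brand, "mismatched_urls": mismatched})
    return findings

# Constructed sample registrations.
IMPOSTOR = {"display_name": "Google Doc",
            "homepage": "https://docs-share.attacker.example/",
            "redirect_uris": ["https://docs-share.attacker.example/oauth/callback"]}
LOOKALIKE = {"display_name": "\uff27\uff4f\uff4f\uff47\uff4c\uff45 Doc",  # full-width "Google"
             "homepage": "https://google.com.attacker.example/",
             "redirect_uris": ["https://notgoogle.com/cb"]}
BRAND_OWNED = {"display_name": "Google Docs",
               "homepage": "https://docs.google.com/",
               "redirect_uris": ["https://accounts.google.com/cb"]}
UNRELATED = {"display_name": "Travel Planner",
             "homepage": "https://planner.example/",
             "redirect_uris": ["https://planner.example/cb"]}

if __name__ == "__main__":
    for app in (IMPOSTOR, LOOKALIKE, BRAND_OWNED, UNRELATED):
        print(app["display_name"], "->", review_registration(app) or "no findings")
```

The check does not fold cross-script homoglyphs (for example Cyrillic letters standing in for Latin ones), so a production review would pair it with a confusables mapping and human triage of the flagged registrations.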