A massive phishing campaign Attack.Phishing took place today , but Google 's security staff was on hand and shut down the attacker 's efforts within an hour after users first reported the problem on Reddit . According to multiple reports on Twitter , the attacks Attack.Phishing first hit Attack.Phishing journalists , businesses , and universities , but later spread to many other users as well . The attack itself was quite clever if we can say so ourselves . Victims received Attack.Phishing a legitimate ( non-spoofed ) email from one of their friends , that asked them to click on a button to receive access to a Google Docs document . If users clicked the button , they were redirected to the real Google account selection screen , where a fake app titled Attack.Phishing `` Google Docs '' ( not the real one ) asked the user 's permission to authorize it to access the shared document . In reality , the app only wanted access to the user 's Gmail inbox and contact list . After gaining access Attack.Databreach to these details , the fake app copied the user 's contact list and sent Attack.Phishing a copy of itself to the new set of targets , spreading itself to more and more targets . The email was actually sent Attack.Phishing to `` hhhhhhhhhhhhhhhh @ mailinator.com , '' with the user 's email address added as BCC . Following the incident , Mailinator intervened and blocked any new emails from arriving into that inbox . Because of this self-replicating feature , the phishing attack Attack.Phishing spread like wildfire in a few minutes , just like the old Samy worm that devasted MySpace over a decade ago . Fortunately , one Google staff member was visting the /r/Google Reddit thread , and was able to spot a trending topic detailing the phishing campaign Attack.Phishing . The Google engineer forwarded the Reddit thread to the right person , and within an hour after users first complained about the issue , Google had already disabled the fake app 's ability to access the Google OAuth screen . Later on , as engineers had more time to investigate the issue , Google issued the following statement : We have taken action to protect users against an email impersonating Attack.Phishing Google Docs & have disabled offending accounts . We ’ ve removed the fake pages , pushed Vulnerability-related.PatchVulnerability updates through Safe Browsing , and our abuse team is working to prevent this kind of spoofing Attack.Phishing from happening again . We encourage users to report phishing emails in Gmail . There are no reports that malware was deployed in the phishing attack Attack.Phishing . Cloudflare was also quick to take down all the domains associated with the phishing attack Attack.Phishing . Users that clicked on the button inside the phishing email can go to the https : //myaccount.google.com/permissions page and see if they granted the app permission to access their account . The real Google Docs is n't listed in this section , as it does not need permissions , being an official Google property .

A massive phishing campaign Attack.Phishing took place today , but Google 's security staff was on hand and shut down the attacker 's efforts within an hour after users first reported the problem on Reddit . According to multiple reports on Twitter , the attacks Attack.Phishing first hit Attack.Phishing journalists , businesses , and universities , but later spread to many other users as well . The attack itself was quite clever if we can say so ourselves . Victims received Attack.Phishing a legitimate ( non-spoofed ) email from one of their friends , that asked them to click on a button to receive access to a Google Docs document . If users clicked the button , they were redirected to the real Google account selection screen , where a fake app titled Attack.Phishing `` Google Docs '' ( not the real one ) asked the user 's permission to authorize it to access the shared document . In reality , the app only wanted access to the user 's Gmail inbox and contact list . After gaining access Attack.Databreach to these details , the fake app copied the user 's contact list and sent Attack.Phishing a copy of itself to the new set of targets , spreading itself to more and more targets . The email was actually sent Attack.Phishing to `` hhhhhhhhhhhhhhhh @ mailinator.com , '' with the user 's email address added as BCC . Following the incident , Mailinator intervened and blocked any new emails from arriving into that inbox . Because of this self-replicating feature , the phishing attack Attack.Phishing spread like wildfire in a few minutes , just like the old Samy worm that devasted MySpace over a decade ago . Fortunately , one Google staff member was visting the /r/Google Reddit thread , and was able to spot a trending topic detailing the phishing campaign Attack.Phishing . The Google engineer forwarded the Reddit thread to the right person , and within an hour after users first complained about the issue , Google had already disabled the fake app 's ability to access the Google OAuth screen . Later on , as engineers had more time to investigate the issue , Google issued the following statement : We have taken action to protect users against an email impersonating Attack.Phishing Google Docs & have disabled offending accounts . We ’ ve removed the fake pages , pushed Vulnerability-related.PatchVulnerability updates through Safe Browsing , and our abuse team is working to prevent this kind of spoofing Attack.Phishing from happening again . We encourage users to report phishing emails in Gmail . There are no reports that malware was deployed in the phishing attack Attack.Phishing . Cloudflare was also quick to take down all the domains associated with the phishing attack Attack.Phishing . Users that clicked on the button inside the phishing email can go to the https : //myaccount.google.com/permissions page and see if they granted the app permission to access their account . The real Google Docs is n't listed in this section , as it does not need permissions , being an official Google property .

A massive phishing campaign Attack.Phishing took place today , but Google 's security staff was on hand and shut down the attacker 's efforts within an hour after users first reported the problem on Reddit . According to multiple reports on Twitter , the attacks Attack.Phishing first hit Attack.Phishing journalists , businesses , and universities , but later spread to many other users as well . The attack itself was quite clever if we can say so ourselves . Victims received Attack.Phishing a legitimate ( non-spoofed ) email from one of their friends , that asked them to click on a button to receive access to a Google Docs document . If users clicked the button , they were redirected to the real Google account selection screen , where a fake app titled Attack.Phishing `` Google Docs '' ( not the real one ) asked the user 's permission to authorize it to access the shared document . In reality , the app only wanted access to the user 's Gmail inbox and contact list . After gaining access Attack.Databreach to these details , the fake app copied the user 's contact list and sent Attack.Phishing a copy of itself to the new set of targets , spreading itself to more and more targets . The email was actually sent Attack.Phishing to `` hhhhhhhhhhhhhhhh @ mailinator.com , '' with the user 's email address added as BCC . Following the incident , Mailinator intervened and blocked any new emails from arriving into that inbox . Because of this self-replicating feature , the phishing attack Attack.Phishing spread like wildfire in a few minutes , just like the old Samy worm that devasted MySpace over a decade ago . Fortunately , one Google staff member was visting the /r/Google Reddit thread , and was able to spot a trending topic detailing the phishing campaign Attack.Phishing . The Google engineer forwarded the Reddit thread to the right person , and within an hour after users first complained about the issue , Google had already disabled the fake app 's ability to access the Google OAuth screen . Later on , as engineers had more time to investigate the issue , Google issued the following statement : We have taken action to protect users against an email impersonating Attack.Phishing Google Docs & have disabled offending accounts . We ’ ve removed the fake pages , pushed Vulnerability-related.PatchVulnerability updates through Safe Browsing , and our abuse team is working to prevent this kind of spoofing Attack.Phishing from happening again . We encourage users to report phishing emails in Gmail . There are no reports that malware was deployed in the phishing attack Attack.Phishing . Cloudflare was also quick to take down all the domains associated with the phishing attack Attack.Phishing . Users that clicked on the button inside the phishing email can go to the https : //myaccount.google.com/permissions page and see if they granted the app permission to access their account . The real Google Docs is n't listed in this section , as it does not need permissions , being an official Google property .

The attack was discovered when the perpetrators attempted a fraudulent wire transfer of money . A link has been posted to your Facebook feed . A phishing email attack Attack.Phishing potentially compromised the accounts of as many as 18,000 current and former employees of media company Gannett Co. As of Tuesday there was no indication of access Attack.Databreach to or acquisition of any sensitive personal data from employees ’ accounts , said the company . Gannett Co. ( GCI ) is the owner of USA TODAY , the publisher of this report , and 109 local news properties across the United States . The attack was discovered on March 30 and investigated by Gannett ’ s cybersecurity team . It appeared to originate in emails to human resources staff . The 18,000 current and former employees of the company will be sent notices about the incident and offer of credit monitoring via the US Postal Service . No customer account information was touched Attack.Databreach by the phishing attack Attack.Phishing . They will be provided with an offer of credit monitoring because employee information was potentially available through some of the affected account login credentials before the accounts were locked down . Phishing attacks Attack.Phishing are a common method used by attackers to infiltrate computer networks . They typically consist of faked emails sent to Attack.Phishing an employee that entice Attack.Phishing them to click on a link that unleashes malicious software that can compromise Attack.Databreach their computer accounts . Once in a network , attackers can then leapfrog to other accounts , working their way deeper into the system . In the Gannett attack , the infiltration was discovered when the perpetrator attempted to use a co-opted account for a fraudulent corporate wire transfer request . The attempt was identified by Gannett 's finance team as suspicious and was unsuccessful .

But sometimes that simple precaution is n't enough . A case in point is a dangerous phishing technique targeting Gmail users that first surfaced about one year ago but has begun gaining steam in recent weeks . Wordfence , the maker of a security plugin for Wordpress , described the phishing attack Attack.Phishing as beginning with an adversary sending Attack.Phishing an email to a target ’ s Gmail account . The email typically will originate from someone on the recipient ’ s contact list whose own account had previously been compromised . The email comes with a subject header and a screenshot or image of an attachment that the sender has used in a recent communication with the recipient . When the recipient clicks on the image , a new tab opens with a prompt asking the user to sign into Gmail again . The fully functional phishing page is designed to look exactly like Attack.Phishing Google ’ s page for signing into Gmail . The address bar for the page includes mention of accounts.google.com , leading unwary users to believe the page is harmless , Wordfence CEO Mark Maunder wrote . `` Once you complete sign-in , your account has been compromised , '' he said . In reality , the fake login page that opens up Attack.Phishing when a user clicks on the image is actually an inline file created using a scheme called Data URI . When users enter their Gmail username and password on the page , the data is sent to the attacker . The speed at which the attackers sign into a compromised account suggest that the process may be automated , or that they may have a team standing by to access accounts as they get compromised . `` Once they have access to your account , the attacker also has full access to all your emails including sent and received at this point and may download the whole lot , '' Maunder said . What makes the phishing technique dangerous is the way the address bar displays Attack.Phishing information when users click on the screenshot of the attachment , he told Dark Reading . In this case , by including the correct host name and “ https// ” in the address bar , the attackers appear to be Attack.Phishing having more success fooling Attack.Phishing victims into entering their credential data on the fake Gmail login page , he says . Instead , all of the content in the address bar is of the same color and is designed to convince users that the site is harmless . `` If you aren ’ t paying close attention , you will ignore the ‘ data : text/html ’ preamble and assume the URL is safe . '' Google said in a statement that it 's working on mitigations to such an attack . `` We 're aware of this issue and continue to strengthen our defenses against it , '' Google said . `` We help protect users from phishing attacks Attack.Phishing in a variety of ways , including : machine learning based detection of phishing messages , Safe Browsing warnings that notify users of dangerous links in emails and browsers , preventing suspicious account sign-ins , and more . Users can also activate two-step verification for additional account protection . '' Users can also mitigate the risk of their accounts being compromised via phishing Attack.Phishing by enabling two-factor authentication . `` What makes this unique is the fact that none of the traditional browser indicators that would identify a possible fraudulent site are present , '' says Robert Capps , vice president of business development at NuData Security . The attack underscores the need for Web browser makers to rethink the trust signals they use to inform users about a danger webpage or exploit . `` How users interpret these signals should be thoroughly understood , '' he says . `` Entraining users to rely on signals may have unintended consequences that attackers can use to exploit customers .

Where there ’ s a will , there ’ s a way , and scammers are finding increasingly cunning ways to capitalise on the reach and popularity of the world ’ s global brands . This time PayPal is the target , according to Proofpoint . The company recently discovered a phishing email message which looked like Attack.Phishing a benign PayPal login , but in reality it was a “ very well crafted ” phishing webpage . The page is available in multiple languages , which makes it seem all the more legitimate and across many different regions . Behind the scenes , the phishing attack Attack.Phishing turned out to be complex and sophisticated , and Proofpoint says those are the real innovations . The phishing Attack.Phishing attempts feature embedded URLs that direct users to the fake PayPal login . This is done using a decommissioned PayPal service that allows a person to buy a gift card from a user . The phishing attack Attack.Phishing then starts with a ‘ reassuring welcome page ’ , Proofpoint says . Users are then asked to confirm the credit card information . After the phishing kit validates the card , it asks users to enter security information about the card , the link to their bank account and details and identification . Proofpoint says that the particular phishing kit shows how ‘ crimeware as a service ’ is rapidly advancing , and will become a more common technique . Proofpoint says it has notified PayPal of the phishing campaign Attack.Phishing and the findings