
Elastica’s Cloud Threat Lab has detected a phishing campaign that could trick you into giving your Google credentials to a hacker. Elastica says that it discovered a sophisticated phishing campaign that circumvented Google’s Spam Engine and tricked many Gmail and Google Drive users into giving up their credentials.
The exploit works by using compromised websites and JavaScript code. The user believes that they are logging into Google Drive, and in many cases that login may even succeed. On the back end, hackers can retrieve the compromised username and password of your Google account in plain text, which can then be used for malicious purposes.
Elastica’s researchers say that Google’s Spam Engine didn’t filter these emails out because they originated from a legitimate Google account. The URLs in the links sent out in the phishing campaign passed through the Google Spam Engine undetected because the base URL was “Googledrive.com.”
“In this particular incident, attackers were able to circumvent tight security controls and target Google users specifically to gain access to a multitude of services associated with Google accounts,” says Dr. Aditya K Sood, an architect at Elastica Cloud Threat Labs.
“While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model and necessitating a modern, flexible security stack designed to provide protection in a perimeterless world,” Dr. Sood added.
At the time of this writing, Google has not issued a statement on this potential security vulnerability. It is also worth noting that Elastica says that this vulnerability still exists, although the flaw was reported to Google nearly two weeks ago.
The Elastica blog has published an in-depth article that completely breaks down the nuts and bolts of this exploit. If you believe you were impacted by this phishing scam, it might be a good idea to begin changing all of your passwords and taking inventory of any other accounts that may have been associated with your potentially compromised Google account.