Google lays out its plans to take on next-gen phishing scams
Date:
Thu, 12 May 2022 01:00:28 +0000
Description:
Google will tackle phishing by scaling phishing protections to Docs, Sheets and Slides and auto enrolling users in 2-Step Verification.
FULL STORY ======================================================================
Despite the fact that security technologies continue to improve, phishing persistently remains a threat which is why Google has announced several ways it plans to combat phishing at Google I/O 2022 .
To protect its users against phishing attacks, the search giant is scaling phishing protections to Google Docs , Sheets and Slides while also continuing to auto enroll users in 2-Step Verification.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99.
As businesses and end users have become more aware of the dangers of
phishing, multi-factor authentication ( MFA ) has become a particular focus for cybercriminals. For instance, they often try to phish SMS codes directly by following a legitimate one-time passcode with a spoofed message asking potential victims to reply back with the code you just received.
According to a new blog post from Google, attackers are also leveraging more sophisticated dynamic phishing pages to conduct relay attacks where a user thinks theyre logging into a legitimate site. However, instead of deploying a simple static phishing page that steals a users credentials, attackers deploy a web service that logs into the actual website at the same time that a user is falling for a phishing page.
These kinds of attacks are especially challenging to prevent as
authentication challenges shown to an attacker (like a prompt for an SMS code ) are also relayed to the victim. The victims response is then in turn
relayed back to the real website and the attacker is actually using them to solve any other authentication challenges that may arise. Phishing-resistant authentication
While security keys like Googles own Titan Security Key can prevent phishing by verifying the identity of the website users are logging into, not everyone wants to carry around an additional physical device to log into all of their online accounts.
This is why Google is building this same functionality into Android smartphones and iPhones . Unlike physical FIDO security keys that need to be connected via USB, the search giant uses Bluetooth to ensure a users smartphone is close to the device theyre logging into. This also helps
prevent person in the middle attacks that can still work with SMS codes or Google Prompts. Read More
Another top NFT company has been hit by a phishing attack
LinkedIn is now the most imitated brand by cybercriminals
Cybercriminals are targeting outdated WordPress sites to run phishing ads
At the same time, Google has also been working to make its traditional Google Prompt challenges more phishing resistant by asking users to match a PIN code with what theyre seeing on screen in addition to clicking allow or deny. The company has even begun experimenting with more involved challenges for higher-risk situations when it sees users logging in from a computer that might belong to a phishing or asking users to join the same Wi-Fi network on their phone as the computer theyre logging in from.
With these new phishing protections in place and the right training , both employees and consumers can avoid having their credentials and online
accounts stolen. Get an alert when your personal data shows up online with
the best identity theft protection
======================================================================
Link to news story:
https://www.techradar.com/news/google-lays-out-its-plans-to-take-on-next-gen-p hishing-scams/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)