Google Ratchets Up OAuth Policies in Wake of Phishing Attacks

  /     /     /  
Publicated : 22/11/2024   Category : security

Google Ratchets Up OAuth Policies in Wake of Phishing Attacks


Google says it responded to the widespread Google Docs phishing campaign within one hour of detecting it.


Google has tightened up its policies surrounding OAuth third-party authentication-sharing after last weeks mass phishing campaign that the search engine giant says affected less than 0.1% of its users. 
The attacks
sent victims an email posing as an invite to a Google Doc from one of their own contacts and requesting access to their Google account. If the user allowed access, his or her contacts list was then sent the same phish. The attack abuses OAuth, a standard method of allowing third-party apps access to an online account.
Google in a blog post on Friday said it responded to the attacks within an hour of detecting them. We removed fake pages and applications, and pushed user-protection updates through Safe Browsing, Gmail, Google Cloud Platform, and other counter-abuse systems, Mark Risher, Googles director of counter abuse technology, wrote.
In addition, were taking multiple steps to combat this type of attack in the future, including updating our policies and enforcement on OAuth applications, updating our anti-spam systems to help prevent campaigns like this one, and augmenting monitoring of suspicious third-party apps that request information from our users, he said.
Affected Google accounts have since been recovered and locked down, according to Google. 
For more details on Googles actions and recommendations, read the blog post
here
.
 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Google Ratchets Up OAuth Policies in Wake of Phishing Attacks