OAuth abuse looks convincing, but is a user registered with a fake account
You just can't trust anyone these days, not even an official looking notification hosted on Google's own domains: A recent attack used a legitimate looking OAth request to get folks to hand over the keys to their email castle.
The invitiation came disguised as a shared Google Doc invitation:
from Sophisticated Google Docs phishing scam goes viral
No comments:
Post a Comment