Gmail scam: Hackers target users with con that’s elusive even to the trained eye | #emailsecurity | #phishing | #ransomware


Gmail users are being warned to take precautions against falling for a new scam that has targeted almost 30,000 email addresses in just two weeks of April alone.

The phishing emails were spotted by Avanan, a US-based email security firm that deploys AI to protect cloud email and collaboration suites from cyber attacks.

‘Phishing’ is a tactic often used by scammers in emails, text messages or phone calls that convince their victims they’re calling from a big company or public body and trick them into downloading a virus or giving access to their personal data.

Regular phishing emails can be recognised via certain red flags, such as the email address of the sender not matching the email addresses used by the company they are impersonating, or through suspicious-looking links in the email.

But in this latest explosion of attacks, scammers have deployed a new method of tricking the system into displaying an email address different to that of the sender, making the emails appear totally legitimate.

Always be careful to check the email address of the sender and beware of suspicious links in email messages

They’ve done this by exploiting Google’s SMTP (Simple Mail Transfer Protocol) relay service that the company uses to send out mass emails.

According to Avanan, scammers have discovered that they can spoof companies if those companies have set their DMARC policy to ‘none’.

DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, is an email authentication protocol which lets domain owners decide what action to take when an email is impersonating them. Cyber security experts recommend strict DMARC policies as it helps stop bad actors from imitating domains.

This tactic not only tricks victims into believing the emails they have received are official, but also tricks systems set up to detect and filter spam emails as well.

On their website Avanan said: “An SMTP relay service can be a valuable service for organizations that like to send out mass emails. Many organisations offer this service. Gmail does as well, with the ability to route outgoing non-Gmail messages through Google.

“However, these relay services have a flaw. Within Gmail, any Gmail tenant can use it to spoof any other Gmail tenant. That means that a hacker can use the service to easily spoof legitimate brands and send out phishing and malware campaigns. When the security service sees avanan.com coming into the inbox, and it’s a real IP address from Gmail’s IP, it starts to look more legitimate.

“Starting in April 2022, Avanan researchers have seen a massive uptick of these SMTP Relay Service Exploit attacks in the wild, as threat actors use this service to spoof any other Gmail tenant and begin sending out phishing emails that look legitimate. Over a span of two weeks, Avanan has seen nearly 30,000 of these emails.”

Speaking to technology news portal Bleeping Computer, a Google spokesperson said: “We have built-in protections to stop this type of attack. This research speaks to why we recommend users across the ecosystem use the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. Doing so will defend against this attack method, which is a well-known industry issue.”





Original Source link

Leave a Reply

Your email address will not be published.

twenty six + = thirty two