All Gmail users at risk from clever replay attack
Malwarebytes
All Google accounts could end up compromised by a clever replay attack on Gmail users abusing Google infrastructure.

Cybercriminals are abusing Google’s infrastructure, creating emails that really do come from Google in order to persuade people into handing over their Google account credentials. The attack was first flagged by Nick Johnson, the lead developer of the Ethereum Name Service (ENS), a blockchain equivalent of the Domain Name System (DNS), the internet's naming system. Nick received a very official-looking security alert about a subpoena allegedly issued to Google by law enforcement for information contained in Nick’s Google account. A URL in the email pointed Nick to a sites.google.com page that looked like an exact copy of the official Google support portal.

As a computer-savvy person, Nick spotted that the official site should have been hosted on accounts.google.com, not sites.google.com. The difference is that anyone with a Google account can create a website on sites.google.com, and that is exactly what the cybercriminals did. Attackers increasingly use Google Sites to host phishing pages because the domain appears trustworthy to most users and to many URL reputation filters.

The email itself passed DKIM (DomainKeys Identified Mail), an email authentication protocol in which the sending server attaches a digital signature to a message, because, as explained under Technical details below, it really had been signed by Google. If the target clicked either “Upload additional documents” or “View case”, they were redirected to an exact copy of the Google sign-in page, designed to steal their login credentials.

Your Google credentials are coveted prey, because they give access to core Google services like Gmail, Google Drive, Google Photos, Google Calendar, Google Contacts, Google Maps, Google Play, and YouTube, but also to any third-party apps and services you have chosen to log in to with your Google account. If a person had all these accounts compromised in one go, this could easily lead to identity theft.

The signs that give this scam away are the pages hosted at sites.google.com, where the genuine pages would live at support.google.com and accounts.google.com, and the sender address in the email header: although the message was signed by accounts.google.com, it was mailed by another address.

How to avoid scams like this

Don’t follow links in unsolicited emails or on unexpected websites.

Carefully look at the email headers when you receive an unexpected mail. In particular, check whether the domain that signed the message (the DKIM d= domain, shown as “signed by” in Gmail's message details) matches the server that actually delivered it (“mailed by”, or the Return-Path header). A Google alert mailed by a non-Google server is the tell-tale sign of a replay.

Verify the legitimacy of such emails through another, independent method.

Don’t use your Google account (or Facebook for that matter) to log in at other sites and services. Instead create an account on the service itself.

Technical details

Analyzing the URL used in the attack on Nick, https://sites.google.com[/]u/17918456/d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/edit, where /u/17918456/ is a user or account identifier and /d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/ identifies the exact page, the /edit part stands out like a sore thumb: it is the editing view of a user-created Google Sites page, which no official Google support page would ever link to.

DKIM-signed messages keep a valid signature when replayed, as long as the signed headers and the body remain unchanged; the signature says nothing about which server later transmitted the message. So if a malicious actor gets hold of a previously legitimate DKIM-signed email, they can resend that exact message at any time, from any server, and it will still pass authentication. What the cybercriminals did was:

Set up a Gmail account starting with me@, so the visible To: address would look as if the email was addressed to “me.”

Register an OAuth app and set the app name to the entire text of the phishing message, link included.

Grant the OAuth app access to their own Google account, which triggers a legitimate security warning from no-reply@accounts.google.com. This alert carries a valid DKIM signature, with the content of the phishing email embedded in the body as the app name.

Forward the message untouched to the targets, which keeps the DKIM signature valid.

Creating the application with the entire text of the phishing message as its name, and preparing the landing page and fake login site, may seem like a lot of work. But once the criminals have completed the initial work, the procedure is easy enough to repeat whenever a page gets reported, and getting a page reported and taken down on sites.google.com is not easy. Nick submitted a bug report to Google about this. Google originally closed the report as ‘Working as Intended,’ but later got back to him, said it had reconsidered the matter, and will fix the OAuth bug.
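The replay mechanism described above and the warning signs listed earlier (signer versus mailer, a To: address that is not yours, links to sites.google.com and to an /edit view), as an added Python example that is not Malwarebytes' or Google's code. The alert text, the attacker's domain (attacker.example), the victim's address, the receiving MX, the DKIM selector and the dates are all constructed, and the DKIM b= value is a placeholder, so the example verifies only the bh= body hash (which is enough to show why an unchanged forward still validates) and not the RSA signature.

```python
"""Triage checks for a replayed Google security alert (added example, not
Malwarebytes' or Google's code). Message, server names and OAuth app text are
constructed; b= is a placeholder, so only the bh= body hash is verified."""
import base64
import hashlib
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed OAuth app name carrying the lure; Google embeds it in the alert body.
APP_NAME = (
    "Google Legal Support: a subpoena was served on Google LLC for the contents\r\n"
    "of your Google Account. View case:\r\n"
    "https://sites.google.com/u/17918456/d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/edit"
)


def canonical_body_simple(body: str) -> str:
    """DKIM 'simple' body canonicalisation (RFC 6376 3.4.3): CRLF line endings,
    trailing empty lines removed, exactly one CRLF at the end."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n" if lines else "\r\n"


def body_hash(body: str) -> str:
    """The bh= tag: base64(SHA-256(canonicalised body))."""
    digest = hashlib.sha256(canonical_body_simple(body).encode()).digest()
    return base64.b64encode(digest).decode()


def build_alert(app_name: str, account: str) -> bytes:
    """The signed alert as Google emits it (constructed). The signature covers only
    the h= headers and the body, nothing about who later transports the message."""
    body = f"{app_name}\r\nwas granted access to your Google Account {account}.\r\n\r\n"
    headers = (
        "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=accounts.google.com;"
        f" s=20230601; h=from:to:subject:date; bh={body_hash(body)}; b=PLACEHOLDER\r\n"
        "From: Google <no-reply@accounts.google.com>\r\n"
        f"To: {account}\r\n"
        "Subject: Security alert\r\n"
        "Date: Tue, 15 Apr 2025 10:00:00 +0000\r\n"
    )
    return (headers + "\r\n" + body).encode()


def deliver(signed: bytes, via_host: str, envelope_from: str, rcpt: str) -> bytes:
    """What the recipient's MX prepends on delivery: the real envelope. Google's relay
    and the attacker's server both leave the signed bytes intact, so DKIM still passes."""
    trace = (
        f"Delivered-To: {rcpt}\r\n"
        f"Return-Path: <{envelope_from}>\r\n"
        f"Received: from {via_host} by mx.recipient.example with ESMTPS;"
        " Tue, 15 Apr 2025 10:00:05 +0000\r\n"
    )
    return trace.encode() + signed


def dkim_tags(msg) -> dict:
    """Split the DKIM-Signature header into its tag=value pairs."""
    tags = {}
    for part in (msg.get("DKIM-Signature") or "").split(";"):
        key, _, val = part.partition("=")
        if key.strip():
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags


def org_domain(host: str) -> str:
    # Naive: last two labels. Fine for google.com; use a public-suffix list in production.
    return ".".join(host.lower().rsplit(".", 2)[-2:])


def body_matches_signature(raw: bytes) -> bool:
    """True when bh= still matches the body, i.e. nobody edited the signed content."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    return dkim_tags(msg).get("bh") == body_hash(body)


def triage(raw: bytes) -> list[str]:
    """The warning signs listed above, as found in one delivered message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    signer = dkim_tags(msg).get("d", "")
    mailed_by = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    if signer and mailed_by and org_domain(mailed_by) != org_domain(signer):
        findings.append(f"signed by {signer} but mailed by {mailed_by}")
    delivered_to = parseaddr(msg.get("Delivered-To", ""))[1]
    to_header = parseaddr(msg.get("To", ""))[1]
    if delivered_to and to_header != delivered_to:
        findings.append(f"To: says {to_header} but was delivered to {delivered_to}")
    if body_matches_signature(raw):
        findings.append("body unchanged since signing: a verbatim forward still passes DKIM")
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        parts = urlparse(url)
        if parts.hostname == "sites.google.com":
            findings.append(f"link to a user-created Google Site, not support/accounts.google.com: {url}")
        if parts.path.rstrip("/").endswith("/edit"):
            findings.append(f"link opens a page's edit view: {url}")
    return findings


# The alert Google sends to the attacker's me@ account, then the identical signed
# bytes replayed through the attacker's own server to a victim (all constructed).
ALERT = build_alert(APP_NAME, "me@attacker.example")
LEGIT = deliver(ALERT, "mail-sor.google.com", "no-reply@accounts.google.com", "me@attacker.example")
REPLAYED = deliver(ALERT, "smtp.attacker.example", "bounce@attacker.example", "victim@example.org")
```

Running triage(LEGIT) reports only the lure itself (the body hash matches and the two suspicious links are present), because the phishing text really is inside a genuine Google alert; triage(REPLAYED) adds the two findings that expose the replay: the message was signed by accounts.google.com but mailed by attacker.example, and the To: header names the attacker's me@ account rather than the victim. Editing a single byte of the body (for example REPLAYED.replace(b"View case", b"View cases")) makes body_matches_signature return False, which is why the attackers forward the message untouched.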
