The Beast We Call Friend. How does Privacy work in The Jungle?
In May of 2017, Google confirmed an unusually sophisticated phishing campaign that targeted Gmail users and sought to gain control of their entire email histories and contact lists. (NBC NEWS, 2017). It is believed that very large numbers of people may have been compromised by the phishing scam, which allows the attackers to take over people’s email accounts and personal details.
The trick works by sending users an honest-looking Google Docs link, which seems to have originated from somebody you may know. If it is clicked, it will give over access to your Gmail account and transform it into an instrument for spreading the hack further. (Independent & Griffin, 2017). This new type of phishing attack targeted Google Docs/Gmail users and needed only a click or two to succeed, handing the attackers the ability to read, write and forward the phishing attack to any contact on the victim’s email list.
The attack was simple but sinister. You receive an email. It’s from someone who has emailed you before and happened to have you in their contacts. They were “sharing a document” with you. Click the button to open the document, and you’d see a seemingly innocent page — one hosted by Google, no less! It wouldn’t ask you for a password, and it already listed all of your accounts. The page was asking you to give a “Google Docs” app permission to read your email and contacts. (TechCrunch Network & Kumparak, 2017).
According to Business Insider, the worm ended up affecting fewer than 0.1% of Gmail users, a Google spokesperson says; Gmail has at least 1 billion monthly active users, so that suggests the worm could’ve affected as many as 1 million users. (Business Insider Australia & Leswin, 2017).
The malicious messages originated from well-trusted contacts and carried a simple link to an external URL that resembled a genuine Google Docs interface and requested authorization for an application imitating Google Docs, as described above. For the victim, once they have clicked through, nothing appears to happen. The attacker, however, has effectively been granted access to the victim’s Gmail.
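As an added example (not code from the original article), the sketch below shows how a defender could audit OAuth grants for the pattern described above: an app whose display name imitates "Google Docs" while holding mail or contacts scopes. The grant record shape, client IDs and allowlist are assumptions constructed for illustration; the scope URLs are real Google OAuth scopes.

```python
import unicodedata
from collections import defaultdict

# Real Google OAuth scopes covering the mail and contacts access described above.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/contacts",
}
# Assumption: names to protect, mapped to client IDs the organisation has
# verified as genuine. The ID below is a constructed placeholder.
PROTECTED_NAMES = {"google docs": {"verified-docs-client.example"}}

def normalize(name):
    """Fold case, compatibility forms and spacing (not cross-script look-alikes)."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())

def review_grant(grant):
    """Return the set of findings for one grant record (hypothetical shape)."""
    findings = set()
    verified = PROTECTED_NAMES.get(normalize(grant["display_name"]))
    if verified is not None and grant["client_id"] not in verified:
        findings.add("name-impersonation")
    if HIGH_RISK_SCOPES & set(grant["scopes"]):
        findings.add("mail-or-contacts-scope")
    return findings

def triage(grants):
    """Map each impersonating client ID holding risky scopes to its users."""
    hits = defaultdict(set)
    for g in grants:
        if review_grant(g) == {"name-impersonation", "mail-or-contacts-scope"}:
            hits[g["client_id"]].add(g["user"])
    return {cid: sorted(users) for cid, users in hits.items()}

MAIL = "https://mail.google.com/"
CONTACTS = "https://www.googleapis.com/auth/contacts"
# Constructed sample grants, not real audit data.
SAMPLE_GRANTS = [
    {"user": "alice@corp.example", "client_id": "unknown-app-1.example",
     "display_name": "Google Docs", "scopes": [MAIL, CONTACTS]},
    {"user": "bob@corp.example", "client_id": "unknown-app-1.example",
     "display_name": "\uff27oogle  Docs", "scopes": [MAIL]},  # full-width G
    {"user": "carol@corp.example", "client_id": "verified-docs-client.example",
     "display_name": "Google Docs", "scopes": [CONTACTS]},
    {"user": "dave@corp.example", "client_id": "notes-app.example",
     "display_name": "Team Notes", "scopes": [MAIL]},
]
print(triage(SAMPLE_GRANTS))
```

Several users appearing under one unverified client ID is the worm-like spread the article describes; the remediation for each hit is revoking the grant, since changing the password does not invalidate an OAuth token.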
In a phishing attack, the email message tries to trick the recipient into disclosing private data or taking another unsafe action. A more pernicious form of phishing is known as spear phishing, in which the bait looks especially appealing to the prey. (Pfleeger, Pfleeger, & Margulies, 2015).
For this type of attack, we examine closely the impact of social engineering, in which criminals use spoofed emails to trick people into sharing sensitive information or opening an attachment. According to Jason Hong’s research, “Phishing attacks have three major phases. The first is potential victims receiving a phish. The second step is the victim taking the suggested action in the message, which is usually to go to a fake website but can also include installing malware or replying with sensitive information. The third step is the criminal monetizing stolen information”. (Hong, 2012).
Today, despite everything, we still ask the question Hong asked earlier: why do individuals succumb to phishing attacks?
The simple answer could be ignorance.