To combat this, Google has pushed out an update to Gmail for Android that issues a warning every time it recognizes a link in an email that appears to be a forgery. They’re not unlike the suspected site warnings in just about every modern browser, and in similar fashion, you’re allowed to “proceed at your own risk” and ignore them if you please.
While Google says the particular attack that was used earlier in the week has since been disabled, it did uncover a vulnerability within Gmail that still remains. As TrendMicro’s Mark Nunnikhoven notes, the method masqueraded as a legitimate Google URL, which allowed it to float undetected by both Gmail and users alike.
“Unlike a typical phishing attack where the goal is to compromise the user’s system,” Nunnikhoven wrote, “the goal here is to compromise their Google Account.”
According to Nunnikhoven, a similar strategy was used last summer to hack the Democratic National Committee. That instance, believed to have been perpetrated by cyber-espionage group Pawn Storm, also leveraged Google’s OAuth authentication system — a technique that appears to be becoming more common among hackers.
As a result, users will only have to become more discerning and careful in screening emails and links. Google account-based invitations aren’t necessarily completely safe anymore, so always question the sender and nature of any links you receive before you click. It could save you — and all your Gmail contacts — a lot of trouble in the future.
Editors' Recommendations
- A new Google Pixel Tablet is coming, but it’s not what you think
- Android 15 release date: When will my phone get the update?
- Whatever you do, don’t buy the Google Pixel 7a right now
- An Android phone you haven’t heard of just won the charging game
- These are the best Android 15 features you need to know about
