Earlier in the week, reports of a supposed newly discovered Gmail vulnerability started making the rounds on the web. The proof of concept was first posted on GeekCondition.com and showed how a hacker, with a bit of effort and persistence, could potentially infiltrate a user's Gmail account, create a malicious filter to forward emails to the hijacker, and top it off by stealing any domains the victim may have registered. But is the proof of concept truly indicative of a security flaw in Gmail?

While it's true that there have been users affected by the scheme, Google ascertains the root cause has more to do with phishing than it does with Gmail.

"With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information," Google wrote in a blog post. "Attackers sent customized emails encouraging web domain owners to visit fraudulent websites such as 'google-hosts.com' that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we've seen are now offline."

As is often the case when it comes to security issues, a combination of common sense and safe computing habits remains your best defense.

Image Credit: TanyaFerrell.com

COMMENTS:

0

TAGS: 

Software, Security, Gmail, Google, phishing, vulnerability

Comments Print Email