
Phishing - Introduction


Many of us receive phishing emails that appear to come from a bank: “Dear Client, we need you to log in to your account to verify your credentials.” When you log in with your details, the page shows “unable to login” or some other error message; in the background, your credentials have just been stolen. This is email phishing.

What is OAuth (Open Authorization)?

Attackers are abusing OAuth, an authorization framework used across cloud services, and the technique is not specific to Google. OAuth (Open Authorization) is a standardized way for an internet account to grant a third-party application limited access without handing over the account password. It is adopted by almost all web-based applications and platforms, consumer and enterprise alike, including Google Apps, Microsoft Office, Salesforce and many others.


OAuth powers the cloud: it enables the API economy and improves the user experience. In the wrong hands, however, OAuth can be a weapon, and it is a nightmare for IT security teams.
Example: the attacker registers a fake application with the OAuth provider, sets up the supporting infrastructure and sends a phishing email. The victim opens the email and clicks the link, which leads to Google's genuine OAuth page. There the victim signs in (if not already signed in) and is shown the consent screen asking whether to allow or deny the fake app the permissions it requests. If the victim clicks allow, Google issues an authorization grant (an authorization code, or an access token in the implicit flow), appends it to the redirect URL the attacker registered for the app and instructs the victim's browser to go there. Once the browser lands on the attacker-controlled domain, the attacker holds a token for the victim's account and can use the granted privileges (email, contacts and so on) to send mail from the victim's account to the victim's contacts, which is how the attack propagates as a worm.


OAuth-based attacks bypass the standard security layers that protect the password. Changing the password will not address the issue, because the token the attacker holds stays valid, and enabling multi-factor authentication will not mitigate the risk, because the victim completes the sign-in and the MFA prompt legitimately and the attacker only needs the token issued afterwards. What does work is revoking the fake app's grant from the account's connected-apps settings (or having the administrator revoke it and block the app), and, for organizations, restricting which third-party apps users are allowed to authorize.
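The flow above leaves a trace that does not depend on the password: an "app authorized" record in the identity provider's audit log for every victim who clicked allow. The following added example, not code from the original post, triages such records for the indicators of the attack described here (mailbox and contacts scopes, an unverified app borrowing a first-party product name, a non-HTTPS redirect URI) and groups them by client so the same app authorized by several users stands out as a spreading worm. The record schema, the app names, client IDs and users are all constructed for illustration; only the Google scope strings are real.

```python
"""Triage of third-party OAuth grants for consent-phishing indicators.

Added example, not code from the original post. The events below are
constructed to resemble an identity provider's 'app authorized' audit
records; the schema (field names) and all app names, client IDs and
users are assumptions made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# Scopes that hand an app what the attack in the post needs: the
# mailbox to send from and the contact list to pick the next victims.
# These are real Google API scope strings.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}

# First-party product names a malicious app may borrow to look trustworthy.
LOOKALIKE_NAMES = {"google docs", "google drive", "gmail",
                   "microsoft office", "office 365"}


@dataclass(frozen=True)
class Grant:
    user: str
    app_name: str
    client_id: str
    scopes: frozenset
    redirect_uri: str
    verified_publisher: bool   # provider has verified the app's owner


def grant_findings(g: Grant) -> list:
    """Return the consent-phishing indicators present in one grant."""
    findings = []
    risky = sorted(g.scopes & HIGH_RISK_SCOPES)
    if risky:
        findings.append("high-risk scopes: " + ", ".join(risky))
    if g.app_name.strip().lower() in LOOKALIKE_NAMES and not g.verified_publisher:
        findings.append("unverified app using a first-party product name")
    if urlparse(g.redirect_uri).scheme != "https":
        findings.append("redirect_uri is not https")
    return findings


def triage(grants) -> dict:
    """Group grants by client_id and return the clients worth revoking.

    A client that carries indicators and has been authorized by several
    users matches the worm in the post: each victim's mailbox is used to
    phish the next. Returns {client_id: {...}} for flagged clients only.
    """
    by_client = defaultdict(list)
    for g in grants:
        by_client[g.client_id].append(g)
    report = {}
    for client_id, gs in by_client.items():
        findings = sorted({f for g in gs for f in grant_findings(g)})
        if not findings:
            continue
        report[client_id] = {
            "app_name": gs[0].app_name,
            "users": sorted(g.user for g in gs),   # grants to revoke
            "findings": findings,
            "spreading": len(gs) >= 3,   # threshold is an assumption
        }
    return report


# Constructed sample events (not real apps, client IDs or users).
_PHISH_SCOPES = frozenset({"https://mail.google.com/",
                           "https://www.googleapis.com/auth/contacts.readonly"})
SAMPLE_GRANTS = [
    Grant("alice@example.com", "Google Docs", "lookalike-app-1", _PHISH_SCOPES,
          "https://docs-share.example.net/callback", False),
    Grant("bob@example.com", "Google Docs", "lookalike-app-1", _PHISH_SCOPES,
          "https://docs-share.example.net/callback", False),
    Grant("carol@example.com", "Google Docs", "lookalike-app-1", _PHISH_SCOPES,
          "https://docs-share.example.net/callback", False),
    Grant("dave@example.com", "Calendar Sync", "benign-app-2",
          frozenset({"https://www.googleapis.com/auth/calendar.readonly"}),
          "https://calendar-sync.example.org/oauth", True),
]


if __name__ == "__main__":
    for client_id, info in triage(SAMPLE_GRANTS).items():
        print(client_id, info)
```

Run against a real export, the "users" list per flagged client is exactly the set of grants to revoke, which is the remediation the post's point about passwords and MFA leads to: the token, not the credential, is what the attacker holds.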

Thank you for reading this article. 
