www.medianama.com
Open in
urlscan Pro
164.52.207.209
Public Scan
URL:
https://www.medianama.com/2021/11/223-google-report-gmail-phishing-campaign-india/
Submission: On November 25 via api from GB — Scanned from GB
Submission: On November 25 via api from GB — Scanned from GB
Form analysis 3 forms found in the DOM
GET https://www.medianama.com/
<form method="get" id="zox-search-form" action="https://www.medianama.com/">
<input type="text" name="s" id="zox-search-input" value="Search" onfocus="if (this.value == "Search") { this.value = ""; }" onblur="if (this.value == "Search") { this.value = ""; }">
<input type="submit" id="zox-search-submit" value="Search">
</form>GET https://www.medianama.com/
<form method="get" id="zox-search-form" action="https://www.medianama.com/">
<input type="text" name="s" id="zox-search-input" value="Search" onfocus="if (this.value == "Search") { this.value = ""; }" onblur="if (this.value == "Search") { this.value = ""; }">
<input type="submit" id="zox-search-submit" value="Search">
</form>Name: F16558 — POST https://app.feedblitz.com/f/f.fbz?Join
<form method="POST" name="F16558" id="F16558_sb" style="display:block;margin:auto;max-width:400px;" action="https://app.feedblitz.com/f/f.fbz?Join">
<div name="F16558__hh" style="display: none;"><input style="display: none;" type="email" name="email_" value=""><input style="display: none;" type="email" name="email_address" value=""><input style="display: none;" type="email" name="_email"
value="">
<script>
var i = 0;
var x = document.getElementsByName('F16558');
for (i = 0; i < x.length; i++) {
x[i].email_.style.display = 'none';
x[i].email_address.style.display = 'none';
x[i]._email.style.display = 'none';
x[i].action = 'https://app.feedblitz.com/f/f.fbz?Join';
}
var y = document.getElementsByName('F16558__hh');
for (i = 0; i < y.length; i++) {
y[i].style.display = 'none';
}
</script><input type="hidden" name="subcf" value="1"><input type="hidden" name="formid" value="F16558">
</div>
<table cellpadding="0" cellspacing="0" border="0" class="F16558_sb_fbz_table" style="table-layout:fixed;max-width:100%;width:100%;">
<tbody>
<tr>
<td class="F16558_sb_fbz_form">
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="F16558_sb_fbz_table">
<tbody>
<tr>
<td class="F16558_sb_fbz_title" style="padding:0.7em;border-radius:16px 16px 0 0;-moz-border-radius:16px 16px 0 0;">
<div style="padding:0.5em;font-size:160%;display:block;">Subscribe to our daily newsletter</div>
</td>
</tr>
</tbody>
</table>
<div style="display:none"><input type="hidden" name="feedid" id="F16558_sb_feedid" value="402241"></div>
<div style="display:none"><input type="hidden" name="publisherid" id="F16558_sb_publisherid" value="11271121"></div>
<div style="display:none"><input type="hidden" name="cids" id="F16558_sb_cids" value="1"></div>
<table border="0" cellpadding="6" cellspacing="0" align="center" width="100%" class="F16558_sb_fbz_table" style="border-radius:16px">
<tbody>
<tr class="F16558_sb_fbz_row">
<td class="F16558_sb_fbz_label" style="padding-top:0.7em;padding:0"></td>
<td style="padding-left:0.5em;padding-right:0.5em;width:100%">
<div class="F16558_sb_fbz_text" style="margin-bottom:0.3em;text-align:Default;">Name:<b style="color:red" title="Required">*</b></div>
<div class="F16558_sb_fbz_input_container" style="background-image:none;padding-right:0;">
<input class="F16558_sb_fbz_input" type="text" name="Name" id="F16558_sb_Name" value="" alt="Please introduce yourself" title="Please introduce yourself" placeholder="Please introduce yourself"
onclick="clickclear(this,'F16558_sb')" onfocus="clickclear(this,'F16558_sb')" onblur="clickrecall(this)" width="100%" style="width:100%;padding-right:0;">
</div>
</td>
</tr>
<tr class="F16558_sb_fbz_row">
<td class="F16558_sb_fbz_label" style="padding:0"></td>
<td style="padding-left:0.5em;padding-right:0.5em;width:100%">
<div class="F16558_sb_fbz_text" style="margin-bottom:0.3em;text-align:Default;">Your email address:<b style="color:red" title="Required">*</b></div>
<div class="F16558_sb_fbz_input_container" style="background-image:none;padding-right:0;">
<input class="F16558_sb_fbz_input" type="text" name="email" id="F16558_sb_email" value="" alt="How can we reach you?" title="How can we reach you?" placeholder="How can we reach you?" onclick="clickclear(this,'F16558_sb')"
onfocus="clickclear(this,'F16558_sb')" onblur="clickrecall(this)" width="100%" style="width:100%;padding-right:0;" fbz_val="validateEmail">
</div>
</td>
</tr>
<tr class="F16558_sb_fbz_row">
<td class="F16558_sb_fbz_label" style="padding:0"></td>
<td style="padding-left:0.5em;padding-right:0.5em;width:100%">
<div class="F16558_sb_fbz_text" style="margin-bottom:0.3em;text-align:Default;"><b style="color:red" title="Required">*</b></div>
<div class="F16558_sb_fbz_input">
<label><input class="F16558_sb_fbz_input" type="checkbox" name="GdprCheck" id="F16558_sb_GdprCheck" style="width:auto" value="accepted"
alt="We need your consent to email you about this. You will still need to confirm after you submit the form (a process called dual opt-in)"
title="We need your consent to email you about this. You will still need to confirm after you submit the form (a process called dual opt-in)"><span class="F16558_sb_fbz_fieldlabeltext" style="padding-top:0;padding-bottom:0;">I
agree to receive newsletters from MediaNama</span></label>
</div>
</td>
</tr>
<tr class="F16558_sb_fbz_row_nohover F16558_sb_fbz_smartform">
<td class="F16558_sb_fbz_fieldtext" colspan="2">
<div style="text-align:center">
<input class="F16558_sb_fbz_button" type="button"
onclick="try{fbzClearChangedBorders();}catch(e){};req=fbz_v('F16558_sb',F16558_sb_requiredFields);val=fbz_v('F16558_sb',F16558_sb_validateFields,1);if(req && val){smartFormSubmit(this);};" name="fbzsubscribe"
id="F16558_sb_subscribe" value="Subscribe" alt="click to join" title="click to join" width="100%"
style="font-size:140%;height:inherit;background-color:#e0e0e0;color:#000000;white-space:normal;width:100%;margin-left:0;margin-right:0;padding-left:0;padding-right:0;"><img id="F16558_sb_fbz_wait" alt="Please wait..."
style="display:none;width:48px;opacity:0.5;" src="https://assets.feedblitz.com/images/spinner.gif">
</div>
</td>
</tr>
<tr class="F16558_sb_fbz_row_nohover">
<td class="F16558_sb_fbz_fieldtext" colspan="2" style="padding-top:0.2em;padding-bottom:0;">
<div style="text-align:center">
<input class="F16558_sb_fbz_button fbz_cancel" type="button" onclick="try{fbzClearChangedBorders();}catch(e){};clearprompts(document.forms.F16558_sb);fbz_SmartForm('F16558_sb',0);try{hideTinyBox();}catch(e){};" name="fbzcancel"
id="F16558_sb_cancel" value="Not now, thanks" alt="Hide this form for now" title="Hide this form for now" width="100%"
style="font-size:100%;height:inherit;background-color:#e0e0e0;color:#000000;opacity:0.6;white-space:normal;width:100%;margin-left:0;margin-right:0;padding-left:0;padding-right:0;">
</div>
</td>
</tr>
<tr class="F16558_sb_fbz_row_nohover">
<td colspan="2" style="padding:0;border:0">
<div id="F16558_sb_fbz_err" class="F16558_sb_fbz_err" style="position:relative;">Please enter all required fields <img onclick="fbz$('F16558_sb_fbz_err').style.display='none';" border="0" alt="Click to hide" align="baseline"
width="8" height="8" style="float:right;align:baseline;width:8px;height:8px;opacity:0.5;cursor:pointer;position:absolute;top:4px;right:4px;" src="https://assets.feedblitz.com/images/close.gif"></div>
<div id="F16558_sb_fbz_invalid" class="F16558_sb_fbz_invalid" style="position:relative;">Correct invalid entries <img onclick="fbz$('F16558_sb_fbz_invalid').style.display='none';" border="0" alt="Click to hide" align="baseline"
width="8" height="8" style="float:right;align:baseline;width:8px;height:8px;opacity:0.5;cursor:pointer;position:absolute;top:4px;right:4px;" src="https://assets.feedblitz.com/images/close.gif"></div>
<div id="F16558_sb_fbz_status" class="F16558_sb_fbz_err"></div>
</td>
</tr>
</tbody>
</table>
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="F16558_sb_fbz_table">
<tbody>
<tr>
<td class="F16558_sb_fbz_footer" style="border-radius:0 0 16px 16px;-moz-border-radius:0 0 16px 16px;padding:0.5em;"> No spam, ever. Promise. </td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<small style="opacity:0.7;">Email <a title="Email subscriptions terms of service" target="_fbz_gdpr" rel="nofollow" style="text-decoration:none;color:inherit!important;" href="https://www.feedblitz.com/tos/">Terms</a> &
<a title="Email subscriptions privacy policy" target="_fbz_gdpr" rel="nofollow" style="text-decoration:none;color:inherit!important;" href="https://www.feedblitz.com/privacy/">Privacy</a></small>
</form>Text Content
* Latest
* Focus
* Privacy
* Freedom Of Expression
* Drones
* E-commerce
* Competition
* Facial Recognition
* Net Neutrality
* Platform Regulation
* Discover
* Views
* Interviews
* Guides
* Summaries
* Editorials
* Event Coverage
* Consultations
* Subscribe
* My Account
Connect with us
*
*
*
*
Hi, what are you looking for?
* Reports
* Donate
* Careers
* Events
* Customer Support
* My account
Log In
MEDIANAMA
* Latest
* Summary: Apple’s lawsuit against NSO Group for surveilling, targeting its
users with Pegasus spyware
* Meghalaya government responds to legal notice over facial recognition app,
IFF analyses
* Meta announces delay in bringing end-to-end encryption to its messaging
services
* All the signs that suggest India’s crypto bill won’t ban cryptocurrencies
outright
* India one of the most affected by Russian govt-backed Gmail phishing
campaign: Google
* Focus
* Privacy
* Freedom Of Expression
* Drones
* E-commerce
* Competition
* Facial Recognition
* Net Neutrality
* Platform Regulation
* Discover
* Views
* Interviews
* Guides
* Summaries
* Editorials
* Event Coverage
* Consultations
* Subscribe
* My Account
Discover more:Cyber attacks, Cybersecurity, Fancy Bear, gmail, Google, Phishing,
Report, Russian Government
NEWS
INDIA ONE OF THE MOST AFFECTED BY RUSSIAN GOVT-BACKED GMAIL PHISHING CAMPAIGN:
GOOGLE
Read all about the deceptive methods of attackers that were uncovered by a
specialised Google team.
By
Aihik Sur
Published
21 hours ago
Source: Google
India, apart from the United States of America and the United Kingdom, was one
among the most affected countries that were allegedly targeted by a Russian
government-backed APt28/Fancy Bear Gmail phishing campaign, according to a
report by Google’s Cybersecurity Action Team.
The report, a first of its kind, said that Google’s Cybersecurity Action Team
observed a large-scale attack of a credential phishing campaign targeting more
than 12,000 Gmail accounts by this threat actor. Fancy Bear earlier used to
target Yahoo! and Microsoft users, the report said. Other countries that were
targeted include Canada, Russia, Brazil, and members of the European Union.
This is a sign that state-sponsored cyber-attacks are a reality today. Not just
in the United States, but as this research shows, closer home in India; it was
reported last year by India Today and Times of India that power substations in
Maharashtra and Telangana were attacked by Chinese hackers. These attacks on
critical infrastructure indicate a paradigm shift in modern warfare. It warrants
a massive overhaul of a country’s cyber defense capabilities and a need for more
transparency in the process.
HOW EXACTLY DID FANCY BEAR TARGET USERS?
> The attackers were using patterns similar to TAG’s (threat analysis group)
> government-backed attack alerts to lure users to change their credentials on
> the attacker’s controlled phishing page. The attackers kept changing the
> emails’ subject line but attackers used a variation of Critical security
> alert — Google report (emphasis ours)
>
> Body of the phishing email that users received | Source: Google
PHISHING CAMPAIGN IMPERSONATED LEGITIMATE GOOGLE LOGIN PAGES
> Phishing and spear phishing campaigns continue to use login pages that
> impersonate legitimate Google login pages to steal credentials — Google report
Google’s cybersecurity team observed that the attacker-controlled credential
phishing image looked similar to a Google login page.
Attacker-controlled phishing page that looks similar to a Gmail login page |
Source: Google
However, upon closer inspection, the report found that the fonts in the phishing
page did not match the fonts on the legitimate Google-owned page. “This was
because the attackers tried to reuse their Yahoo! toolkit and left various
Yahoo! artifacts in the Gmail HTML login page…” the report added.
PHISHING MESSAGES WERE SENT FROM COMPROMISED MAIL SERVERS
After finding that the phishing messages were sent from compromised mail
servers, the report said that this was a change from previous campaigns taken up
by Fancy Bear on Yahoo!. There, the threat actor had used “some variant of
spoofing to send emails”.
Advertisement. Scroll to continue reading.
Sending an email from an email account that one doesn’t control is called email
spoofing, according to Fraudmarc, “Essentially, the attacker is claiming the
sender’s identity and abusing their credibility to trick the victim into taking
some action,” the website explains.
In Gmail, a majority of the messages go through the sender policy framework
(SPF). Techterms defines SPF as an email authentication system designed to
prevent email spoofing. “One significant difference between legitimate emails
from the compromised mail servers and phishing messages was the domain part of
MessageId which is different and unique for every email address domain,” the
report added.
GOOGLE’S RECOMMENDATIONS TO PROTECT FROM SUCH PHISHING CAMPAIGNS
* Workspace customers and Gmail users should validate that they are providing
credentials to legitimate Google sites.
* Employ two-factor authentication.
* Register on Google’s Advanced Protection Program which users security keys
such as Feitian MultiPass FIDO Security Key, and Yubico FIDO U2F Security
Key.
Also read:
* Ransomware gang goes offline as govt agencies hack its network in a
tit-for-tat operation
* Acer India hit by ransomware attack, over 60 GB of files and databases stolen
* Pine Labs becomes latest victim of ransomware attack, 500,000 unique records
exposed: Report
* Accenture becomes latest victim of a ransomware attack, but says no
disruption to operations
* Tech giants Amazon, Google, and Microsoft partner with US cyber team to
counter ransomware attacks
Have something to add? Post your comment and gift someone a MediaNama
subscription.
Discover more:Cyber attacks, Cybersecurity, Fancy Bear, gmail, Google, Phishing,
Report, Russian Government
Written By Aihik Sur
Among other subjects, I cover the increasing usage of emerging technologies,
especially for surveillance in India
Click to comment
You must be logged in to post a comment Login
LEAVE A REPLY
CANCEL REPLY
You must be logged in to post a comment.
Or, Login to MediaNama using:
Login Login with facebook
Login Login with google
LATEST HEADLINES
* Summary: Apple’s lawsuit against NSO Group for surveilling, targeting its
users with Pegasus spyware November 24, 2021
* Meghalaya government responds to legal notice over facial recognition app,
IFF analyses November 24, 2021
* Meta announces delay in bringing end-to-end encryption to its messaging
services November 24, 2021
* All the signs that suggest India’s crypto bill won’t ban cryptocurrencies
outright November 24, 2021
* India one of the most affected by Russian govt-backed Gmail phishing
campaign: Google November 24, 2021
MEDIANAMA’S MISSION IS TO HELP BUILD A DIGITAL ECOSYSTEM WHICH IS OPEN, FAIR,
GLOBAL AND COMPETITIVE.
VIEWS
NEWS
HEALTH DATA AS WEALTH: WHAT CAN THOSE WITH ACCESS TO HEALTH DATA DO WITH SUCH
ACCESS?
Find out how people’s health data is understood to have value and who can
benefit from that value.
Guest AuthorNovember 17, 2021
NEWS
MERGERS & ACQUISITIONS BY BIG TECH: DOES INDIA NEED TO TWEAK ITS COMPETITION
RULES?
The US and other countries' retreat from a laissez-faire approach to regulating
markets presents India with a rare opportunity.
Guest AuthorSeptember 27, 2021
NEWS
WHAT DOES THE LITECOIN-WALMART PARTNERSHIP HOAX TELL US ABOUT THE NEED FOR
CRYPTO REGULATIONS?
When news that Walmart would soon accept cryptocurrency turned out to be fake,
it also became a teachable moment.
Mitaksh JainSeptember 21, 2021
NEWS
DATA SECURITY COUNCIL OF INDIA ESTABLISHES PRIVACY GUIDELINES FOR HEALTHCARE
SECTOR
The DSCI's guidelines are patient-centric and act as a data privacy roadmap for
healthcare service providers.
Guest AuthorSeptember 6, 2021
NEWS
DATA LEAKS – TRADING INTERNAL CONTROL FOR EXTERNAL VULNERABILITY: RUSSIAN
EDITION
In this excerpt from the book, the authors focus on personal data and
autocracies. One in particular – Russia. Autocracies always prioritize
information control...
Guest AuthorAugust 27, 2021
Share
Tweet
PLEASE SUBSCRIBE TO MEDIANAMA. DON'T SHARE PRINTS AND PDFS.
YOU MAY ALSO LIKE
NEWS
SEARCH QUERIES FOR INTERNATIONAL AIR TICKETS GROWING AT 43% – GOOGLE
Google has released a Google Travel Trends Report which states that branded
budget hotel search queries grew 179% year over year (YOY) in India, in...
Sneha JohariMarch 23, 2016
ADVERT
ADVERTISEMENT: 135 DIGITAL JOB LISTINGS AT JOBNAMA – 9TH JUNE 2010
135 job openings in over 60 companies are listed at our free Digital and Mobile
Job Board: If you’re looking for a job, or...
MedianamaJune 9, 2010
NEWS
OLA, UBER DRIVERS SAY THEY ARE EXHAUSTED, FEAR BEING WIPED OUT
Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives
a cab everyday, is starting to look like one, he...
Soumyarendra BarikFebruary 24, 2021
NEWS
TWITTER TAKES DOWN TWEETS FROM MP, MLA, EDITOR CRITICISING HANDLING OF PANDEMIC
UPON GOVERNMENT REQUEST
By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has
complied with government requests to censor 52 tweets that mostly criticised...
Aroon DeepApril 24, 2021
TRENDING
* Covid19
* Government Policies
* Ecommerce
* Modi Government
* Rules and Relguation
* TATA Merger
LATEST NEWS
* WhatsApp Launches UPI-Based Payments Feature In India
* MediaNama: Roundtable On Copyright And Digital Media
* Should Amazon, Flipkart Show Country Of Origin Of Products?
* After CEO Dick Costolo, Twitter’s M&A Head Rishi Garg Quits
* Gujarat HC Gives Livestreaming Court Proceedings A Shot
MediaNama is the premier source of information and analysis on Technology Policy
in India. More about MediaNama, and contact information, here.
© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
Subscribe to our daily newsletter
Name:*
Your email address:*
*
I agree to receive newsletters from MediaNama
Please enter all required fields
Correct invalid entries
No spam, ever. Promise.
Email Terms & Privacy
* Contact
* About
* Events
* Sponsor
* Subscribe
* Careers
* Support
* Terms Of Use
* Privacy Policy
© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
* Contact
* About
* Events
* Subscribe
* Careers
* Donate
* Customer Support
* Terms & Conditions – MediaNama
* Privacy Policy
Copyright © 2021 MediaNama. Made in India.
*
*
*
*
JOIN MEDIANAMA PRO. UPGRADE YOUR UNDERSTANDING OF TECHNOLOGY POLICY
Subscribe to MediaNama Pro to gain access to actionable reporting, analysis and
insights on what is shaping technology
policy in India, and reshaping the world of technology.
SUBSCRIPTION OPTIONS
ANNUAL
Subscribe for all access to MediaNama stories for 1 year
RS. 4,999
Subscribe
3 YEARS
Support MediaNama's work by subscribing for 3 years.
RS. 11,999
Subscribe
GROUP SUBSCRIPTION
Keep your organisation up to date with the latest developments, with a dashboard
to manage your team's access to MediaNama.
Explore
OR LOGIN NOW