Here's The Fake Gmail Site Chinese Hackers Used To Steal U.S., Activist Data
Look at the two Gmail login pages in the image below and ask yourself: Would you have spotted the difference?
On Tuesday, Google revealed on its official blog that it had been the target of a phishing campaign seemingly originating in Jinan, China, and aimed at gaining access to the accounts of senior officials in the U.S., Korea and other governments, as well as those of Chinese activists.
The attack worked, at least in part, by sending the victims spoofed emails, often from accounts that appeared to belong to coworkers, family or friends. Those emails contained links to the spoofed Gmail sites, which harvested the usernames and passwords of anyone fooled by their realistic appearance.
The hackers then used those login details to forward all mail coming into the account to a third party, or in some cases gathered information about contacts to use in other phishing scams.
Google credits the discovery of the scheme in part to the blog Contagio, where a detailed analysis of the scam, including images of the spoofed emails and the fake login page above, was posted in February.
This kind of phishing scheme isn’t new, and Google warned in its high-profile revelation of Chinese hacking in January of last year that it, like all webmail services, was vulnerable to this sort of spoof attack. But the company has never before revealed so much about its phishing attackers, nor has it shared images of the fake login pages those phishers use.
Contagio points to subtle differences in the two login pages, including the destination of links and small design contrasts. But given the spot-on accuracy of the fake Gmail gateways above, Google isn’t depending on users to tell the difference. Instead, it suggests using its two-factor authentication system, which sends a code to a user’s phone that he or she needs to use to log in. If a user has set up that safeguard and no code appears when he or she is prompted to log in, then the login page might be fake.
Google is also suggesting that users watch for suspicious forwarding settings that might indicate an intruder is copying their mail, as well as a red warning at the top of the page that indicates Google has detected “suspicious activity” that might signal a hacker has gained access to the account.
Here's The Fake Gmail Site Chinese Hackers Used To Steal U.S., Activist Data - Forbes