Despite the fact that security technologies are improving, phishing remains a danger, which is why, at Google I/O 2022, Google highlighted many ways it aims to tackle phishing.
To safeguard users from phishing assaults, Google is expanding phishing protections to Google Docs, Sheets, and Slides, as well as continuing to automatically enrol users in 2-Step Verification.
Multi-factor authentication (MFA) has become a particular focus for cybercriminals as organizations and end users have become more aware of the perils of phishing. For example, they frequently try to phish SMS codes by sending a faked message after a valid “one-time passcode” instructing potential victims to “respond back with the code you just got.”
According to a new Google blog post, attackers are also using increasingly sophisticated dynamic phishing pages to carry out relay attacks, in which the user believes they are logging into a real site.
Instead of using a basic static phishing page to obtain a user’s credentials, attackers employ a web service to log into the real website while the user is falling for a phishing page.
These attacks are particularly difficult to detect because authentication challenges presented to an attacker (such as a request for an SMS code) are simultaneously presented to the victim.
The attacker then relays the victim’s response back to the legitimate website, where it is used to handle any subsequent authentication issues that may emerge.
To read our blog on “Android Attacked by Hackers Using Phishing SMS,” click here.