Ransomware attacks have been in the headlines a lot of late. Did you know that 65% of all ransomware attacks happen through phishing emails? Therefore, email security needs to be a major focus when delivering security awareness training. It is likely that future variants of the recent WannaCry ransomware attack will be delivered via phishing emails.

As reported earlier this month, some Gmail users fell victim to a massive phishing attack that frightened many: a phishing attack that targets all your contacts. Let us look at how Gmail users were susceptible to it.

THE PHISHING EMAIL

Gmail users received an email (from a known sender) that was an invitation to view a shared Google Doc. After clicking the link in the invitation email, users were directed to a legitimate “Google – Choose An Account” screen, after which they were prompted to authorize “Google Docs” to access their Gmail account.

Simply click “Allow”…  With no login prompt…

Sound suspicious yet?

THE HACK

At this point, it was not Google Docs requesting access but a malicious app. As detailed on Reddit, this hack would:

  1. Bypass any 2-factor authentication controls
  2. Scour your Gmail contacts list, and replicate itself by sending emails (on your behalf) to everyone you’ve ever emailed
  3. At this point, it would also have access to your Gmail account, including the ability to read previous messages

THE PROTECTION

SonicWall™ Email Security now integrates with the Capture Advanced Threat Protection service, to deliver fine-grained and user-transparent inspection of SMTP-based traffic. The cloud-based Capture ATP service can scan a broad range of email attachment types, analyze them in a multi-engine sandbox, and block dangerous files or emails before they reach your network. SonicWall Email Security with Capture ATP gives you a highly effective and responsive defense against email-borne threats, including ransomware, phishing, spoofing, spam and viruses.

WHAT ELSE YOU CAN DO

To avoid phishing scams, below is a refresher on what you can do to not fall prey:

  • Don’t click on URLs in emails without checking their full path and understanding where they lead.
  • Don’t download any plug-ins from the email link itself. Go to the vendor’s (Adobe, Microsoft, etc.) website to download plug-ins.
  • Use 2-factor authentication wherever possible.

Finally, if you were a victim of this attack, the following are a few steps you can take to resolve the situation.

  • Go into your Google Account Permissions page and remove access privileges for the Google Docs account
  • Google also encourages users to report phishing emails in Gmail
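
The permissions review above can also be done in bulk when an export of third-party app grants is available. The following is an added example, not code from the original post or from SonicWall; the record layout (`userKey`, `clientId`, `displayText`, `scopes`), the client IDs, the allowlist and the name heuristic are constructed assumptions.

```python
# Added example: flag OAuth grants that resemble the fake "Google Docs" app,
# i.e. an unapproved app with mail/contacts access and a borrowed product name.
# All records below are constructed sample data, not real grants.

# Scopes that allow reading mail, sending mail, or reading contacts.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts",
}
# Product words a lookalike app might borrow for its display name (assumed list).
BRAND_WORDS = ("google", "gmail", "docs", "drive")

SAMPLE_GRANTS = [  # constructed
    {"userKey": "alice@example.com", "clientId": "constructed-client-001",
     "displayText": "Google Docs",
     "scopes": ["https://www.googleapis.com/auth/contacts",
                "https://mail.google.com/"]},
    {"userKey": "bob@example.com", "clientId": "constructed-client-002",
     "displayText": "Mail Merge Helper",
     "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
    {"userKey": "bob@example.com", "clientId": "constructed-client-003",
     "displayText": "Team Calendar",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"userKey": "carol@example.com", "clientId": "constructed-client-900",
     "displayText": "Google Drive Sync",
     "scopes": ["https://mail.google.com/"]},
]
TRUSTED_CLIENT_IDS = {"constructed-client-900"}  # apps the organisation approved

def find_suspicious_grants(grants, trusted_client_ids):
    """Return one finding per unapproved grant that holds a sensitive scope."""
    findings = []
    for grant in grants:
        if grant["clientId"] in trusted_client_ids:
            continue  # approved app, nothing to review
        risky = sorted(SENSITIVE_SCOPES.intersection(grant.get("scopes", [])))
        if not risky:
            continue  # no mail or contacts access requested
        name = grant.get("displayText", "").lower()
        lookalike = any(word in name for word in BRAND_WORDS)
        findings.append({"user": grant["userKey"], "app": grant["displayText"],
                         "clientId": grant["clientId"], "scopes": risky,
                         "severity": "high" if lookalike else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_grants(SAMPLE_GRANTS, TRUSTED_CLIENT_IDS):
        print(finding)
```

A "high" finding is a candidate for immediate revocation on the permissions page; a "review" finding has mail or contacts access but no borrowed product name and needs a human decision.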

Lastly, test your knowledge of all things phishing-related by taking the SonicWall Phishing IQ Test… and avoid being scared of emails!

Gus Maldonado
Product Line Manager, Email Security Products | SonicWall
Gus Maldonado is the Product Line Manager for the Email Security software and appliances offerings, as well as the My SonicWall portal. He has extensive experience in product management and product marketing for security and LBS technologies including authN/authZ, firewall, secure messaging, VPN, filtering, and encryption products.

Gus holds a Bachelor of Science in Aeronautics from San Jose State University, as well as a Master’s in Business Administration from Santa Clara University. When not working to develop new, secure IoT solutions, Gus enjoys long-distance trail running, scuba diving, traveling internationally, and learning to play guitar. 
