China suspected in Google Gmail phishing attacks

Posted by Andru Edwards Categories: Corporate News, Google, Internet

Spear phishing attempts to penetrate the personal Gmail accounts of U.S. officials, journalists, and activists, report ed by Google in June, have not ceased, according to a security researcher who first discovered the attempts in Fe bruary.

Spear phishing uses bogus emails to trick recipients into entering personal details, like home addresses and Gmail passwords.

"I am posting this only to highlight the fact that once compromises happen and are covered in the news, they do not disappear and attackers don't give up or stop. They continue their business as usual," wrote Mila Parkour, a D.C.-based security researcher on her Conta gio Malware Dump blog, as picked up by Com puterWorld.

Parkour also posted a recent sample of a spear-phishing email and its Taiwanese origins, which she received by creating a fake Gmail account and filling it with Google Alerts related to human rights and military issues.

The email asked for Parkour's Gmail login details to activate a report from the Center for a New American Security (CNAS), called "Blinded: The Decline of U.S. Earth Monitoring Capabilities and its Consequences for National Security."

After collecting her login details, the information was routed to and stored in a compromised server in Houston, Texas. Two hours later, the attackers logged into Parkour's fake account, and checked her inbox twice a day every day thereafter. The HTML code of the email revealed a sender IP address from Taiwan, and use of the Foxmail email client, which Parkour said is commonly used in Chinese phishing attempts.

"I must note that this incident is even more simple than the previous one," Parkour wrote.

"Google are aware of this, [but] there is not much they can do to prevent these from coming in," she added.

Gmail users are encouraged to activate Gmail's 2-ste p verification.

In June Google disco vered that a number of its Gmail account user names and passwords of personal accounts belonging to senior government officials, activists, and journalists, had been compromised. The hack appears to have originated from Jinan, China, although Google did not accuse any individuals or governments of orchestrating the attack. Chinese Foreign Affairs Minister Hong Le den ied being the source. Similar spear phi shing attempts were also discovered in Hotmail and Yahoo Mail.

This article, written by Sara Yin, originally appeared on PCMag.com and is republished on Gear Live with the permission of Ziff Davis, Inc.