Malicious Software, Hackers Present New Threats For Google Account Holders and Cell Phone Users
People across the world rely on email accounts to keep in constant contact with others. And while we’d like to think that access to these accounts is secure due to the safeguards we’ve put in place, nothing could be further from the truth. A study conducted in 2013 found that an average of 82,000 new malware threats occurred each day — and since that number only continues to rise, we all need to be prepared for an impending digital onslaught.
Yahoo! has received backlash for its recent hacks, but the truth is that an email address ending in “@gmail.com” won’t save you from malware attacks or hacking attempts. In fact, a recent Trojan horse campaign in November of 2016 resulted in more than a million Google-based accounts being hit by malware. Security firm Check Point has stated that this number keeps increasing; the attack campaign known as Gooligan is striking an additional 13,000 accounts and devices every day following the initial infection.
While one out of every 10 companies has malware in their cloud storage, this particular attack is geared towards individual users. In fact, the Gooligan malware attack has been said to be the largest-scale theft of Google accounts ever to be recorded. The software infects devices and steals authentication tokens that can be used to access data from Gmail, Google Photos, Google Docs, Google Play, G Suite, Google Drive, and more. Since Gmail alone currently has one billion users, the infiltration is concerning, at the very least.
But the intentions behind the malware may surprise you.
Instead of gaining personal information from these accounts, the malware forces users to download apps that are a pivotal part of an advertising fraud scheme. Similar to a Trojan horse attack, Gooligan makes malicious software look like legitimate apps with names like StopWatch, Perfect Cleaner, and WiFi Enhancer. Once these apps are installed, they in turn install other apps. Some of those apps can also steal usernames and passwords in order to post fake reviews to convince users of their legitimacy.
The app downloads and reviews feed directly into the scheme. Hackers run ads in these forcibly downloaded apps. When the ads are clicked or the apps are downloaded, the hackers make money. Head of mobile and cloud security at Check Point, Michael Shauloy, says that the scheme makes up to $320,000 a month.
Fortunately, the hack has not been shown to be linked to user identity or monetary theft. To that end, Google released a statement via blog post that they have found no evidence that Gooligan accessed user data or targeted specific groups of people. “The motivation… is to promote apps, not steal information,” said Google.
However, the same cannot be said for other recent hacks. One recent hacking trend involves just a little bit of creative “social engineering” and one piece of information: your phone number.
With this method, a hacker doesn’t even need much technological knowledge. They simply need to be convincing enough to make a customer service representative think that they are you.
If you use Gmail, Yahoo! Mail, Dropbox, iCloud, or social media platforms like Facebook and Twitter, you’re at risk of having your personal information stolen and exposed. Hackers have used cell phone numbers to steal money, take over accounts, and blackmail users.
A hacker will find information about you somewhere on the internet — it’s more readily available than you might think — like your address, your birthday, or the last four digits of your Social Security Number. Then, they’ll come up with a story to convince a representative of your identity. If the hacker has your phone number, they can then have your phone number forwarded to their own device. After that, they can go to your email account or online bank account, click the “forgot password” option, and reset the password through a code that’s texted to your phone. The problem is that any messages that go to your number are now being forwarded to the hacker’s device. They get the code, and you’re locked out of your accounts forever.
Customer service representatives are often behind on developments in hacking, so it’s up to you to keep your device and accounts safe. The first line of defense is to put a passcode on your phone. However, customer service reps may forget to ask for the code or may think that knowing the last four digits of your SSN will suffice. You should also create and use an email address that is specific to just your mobile device, rather than using your primary email address across all your devices. Experts recommend that you disable online access to your wireless account; while this may be a hassle if you want to make account changes, it eliminates one way for hackers to get into your account. You should also inform your mobile carrier that any changes to your account can be made only in person with a valid photo ID. Although it would still be possible for a hacker to take on your identity and steal your information, that’s a hurdle that many hackers won’t attempt to jump.
While your accounts may never be 100% safe, especially as reliance on technology continues to increase, you should avoid connecting your phone number to your main accounts, use different passwords on different sites, and answer security questions in different ways for various accounts. Above all, keep in mind that no account or domain is immune to attack. Although these methods can be time-consuming, they are the best way to protect yourself and your valuable accounts against hijacking and theft.