Earlier this week, an independent security researcher by the name of Yan Zhu discovered that it was possible for a user to make their email look like it was sent by someone else using Google’s Gmail app on Android devices. I know what you’re thinking, that this is a perfect opportunity for unwanted and dangerous phishing emails, and you’d be 100% correct.
Yan decided to reach out to Google, telling them about the bug in their Gmail app, and received a reply shortly after from the company saying that it wasn’t a security vulnerability (screenshot below).
Fast forward only four days and an article pops up on the same website where I found this information saying that “Google is working to fix an unusual bug that allows anyone to pretend to be someone else in the Gmail app for Android, after the company initially dismissed it as ‘not a security vulnerability.’” I personally think it’s quite strange that a tech giant like Google would take this situation lightly in the first place.
This would have most likely been addressed by Google immediately if only someone pretended to be Larry Page or Sergey Brin using this simple exploit. Now that would have been great.
Source 1, Source 2
Many people use anti-virus programs on their computers; I definitely do. But nowadays it’s becoming easier for malicious content to infect our computers even if you’re running an anti-virus. According to Malwarebytes, “the malware ecosystem has changed drastically in the past 10 years, to the point that the old precautions are just no longer enough.”
People no longer have to click on things to get infected. There are attacks called “drive-by downloads” where all a user has to do is visit an infected website and the malicious content is automatically downloaded onto their computer. Also, many anti-virus programs’ response times are too slow to detect threats. According to Panda Research, “traditional AV only stops 30-50 percent of new zero-hour malware when it’s first seen.” This may come as surprising news to people who think they’re “all good” since they have Norton installed on their computer. People must be aware of the websites they visit and also the things they click to stay secure.
To conclude, a layered approach is the best approach to take when it comes to security. This is when you use multiple types of defenses, each of which has its own strengths and does different things. An example of this is a lightweight product that works with an anti-virus program to block the threats that it may miss.
PageFair estimated that only 2.3% of the people who visited the affected sites would have been at risk of getting infected themselves. Although this particular attack seems to be over for now, there are still plenty of fake Flash “updates” out there which take advantage of people who don’t know what they’re clicking “Install” on. Don’t fall victim to popups on websites telling you that your Flash player or any other type of software is out of date, and never download an .exe/.dmg file from these popups, because you never know what it is you’re downloading onto your computer.