Pages with tag Spear Phishing

Google's AMP technology makes spear-phishing sites look legit

Those pesky Russian Hackers may be using Google's Accelerated Mobile Pages (AMP) to make spear-phishing attack, or fake news, websites look like legitimate sites. According to Salon, Google has known about this problem for over a year and done nothing.

A couple years ago Google created Accelerated Mobile Pages (AMP) to speed up internet browsing on mobile devices. The AMP standard defines a limited set of JavaScript, CSS and HTML technologies that are known to behave well on a low bandwidth memory constrained device like a cell phone. In part AMP is a response to the overly bloated nonsense occuring on most websites with autoplaying video and animated advertising that pops up and annoys people.

Salon claims that Russian spear-phishing attacks targeting journalists critical of Russia lead to pages using AMP techniques, making them look legitimate. What makes it worse is that Google serves AMP pages from google.com domains, hence an AMP spear-phishing page portraying itself as a Google alert will look legitimate because it is on a google.com domain.