Google 23 Oct
Cyber crimes are widespread, and there are only a limited number of safeguards you can put in place to avoid them. As technology progresses, hackers keep finding their way into systems, coming up with new ideas to get past the cybersecurity precautions in place.
One of the most popular alternatives to a separate login system is Google's single sign-in solution, which lets a user enter their Gmail username and password once and then use those credentials to log in to every website that supports it, without the hassle of entering user credentials each time they wish to log in.
Unfortunately, hackers have found a way to use this to capture a user's Gmail credentials and even the 2FA token. This happens when a login page is embedded within another page that acts as a relay or middleman, capturing the Gmail data as it passes through the Google single sign-in feature. This lets the hackers copy your cookies or impersonate you easily. This method of phishing attack is called the MITM (man-in-the-middle) technique.
To fix this, Google is now blocking sign-in attempts from embedded pages. The MITM technique lets the hacker capture user credentials as they pass through the exchange of data packets. Considering how serious the consequences of such attacks could be, this step by Google is a great help to the web community.
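A site that hosts its own login page can refuse embedded contexts in a similar spirit. The sketch below is an added example, not Google's implementation and not code from the original post: it rejects requests whose `Sec-Fetch-Dest` header shows the page is being loaded inside another page, and sends anti-framing headers on every response. The `/login` page, the function names and the sample requests are assumptions made for illustration.

```javascript
// Added example (constructed policy, not Google's implementation).
// Sec-Fetch-Dest values a browser sends when a page is loaded inside another page.
const EMBEDDED_DESTS = new Set(["iframe", "frame", "embed", "object"]);

// Response headers that tell the browser never to render the login page in a frame.
const ANTI_FRAMING_HEADERS = Object.freeze({
  "Content-Security-Policy": "frame-ancestors 'none'",
  "X-Frame-Options": "DENY",
});

// Case-insensitive header lookup; returns "" when the header is absent.
function headerValue(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? "" : String(headers[key]).trim().toLowerCase();
}

// Decide how to answer a GET for the (hypothetical) /login page.
function decideLogin(requestHeaders) {
  const dest = headerValue(requestHeaders, "sec-fetch-dest");
  if (EMBEDDED_DESTS.has(dest)) {
    return { status: 403, reason: `embedded context: ${dest}`, headers: ANTI_FRAMING_HEADERS };
  }
  // Browsers without Fetch Metadata send no Sec-Fetch-Dest; the anti-framing
  // headers on the response still stop them from rendering the page in a frame.
  const reason = dest === "" ? "no fetch metadata, rely on response headers" : `allowed: ${dest}`;
  return { status: 200, reason, headers: ANTI_FRAMING_HEADERS };
}

// Node http handler built on the decision above (pass it to http.createServer).
function handleLogin(req, res) {
  const decision = decideLogin(req.headers);
  res.writeHead(decision.status, decision.headers);
  res.end(decision.status === 200 ? "<form>...login form...</form>" : "Sign-in is not available in embedded pages.");
}

// Constructed sample requests: top-level navigation, cross-site iframe, legacy browser.
const samples = [
  { "sec-fetch-dest": "document", "sec-fetch-site": "none" },
  { "Sec-Fetch-Dest": "iframe", "Sec-Fetch-Site": "cross-site" },
  {},
];
for (const h of samples) {
  const d = decideLogin(h);
  console.log(d.status, d.reason);
}
```

These checks only cover a browser loading the login page inside another page; a relay that fetches the page server-side and re-serves it is outside what response headers can control.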
Have you ever gone through such a scenario before? Share your experience in the comment section below.