Most of us have way more usernames and passwords than we can remember. Thankfully, our browsers can store these for us, but using single sign-on is even more convenient, as it avoids creating credentials for each and every site we visit. The most popular one around is Google's solution, which lets you use your Gmail username and password to connect to any website that supports it. However, as the solution is widely used, some malicious sites embed login pages which can capture the user's credentials and even their 2FA token. To protect users from such attacks, Google is now blocking sign-in attempts from embedded pages. Read More
Back in January, Google simplified its payment offering by merging Android Pay and Google Wallet into Google Pay. The new appellation made it simpler for users to manage their payments, thanks to a unified platform allowing them to pay with their phone, but also online using their browser. Despite this move, the defunct service seems to be coming back to life, in a rather intriguing manner. Indeed, several users have reported receiving notifications mentioning Google Wallet was granted access to their Google account. Read More
Security firm Trend Micro has discovered 29 malicious beauty camera apps that aim to phish user traffic and steal your photos. The apps have already been removed by Google from the Play Store, but only after accumulating millions of downloads.
Once installed, some of the apps would load up full-screen advertisements for fraudulent or pornographic content each time the device is unlocked, and some of the apps would forward users to phishing websites to steal their personal information. Read More
Phishing attempts involve a lot of trickery. You think you got an email from your colleague at androidpolice.com when you really received it from someone at androidpollce.com. Or you mistype one letter in a URL and you're taken to a site that looks exactly the same, but isn't the one you wanted. One minute later you've entered your email, password, and maybe credit card on an unknown site and your details have been stolen for good. Even the best of us (and the most tech-savvy and aware) can miss a small letter change, so it only makes sense that there's a more automated and systematic check that could save us from these situations. Read More
Phishing attacks are deceptively successful against less experienced users, but even those that consider themselves reasonably technical can occasionally fall prey to the simple approach. According to a recent report by Krebs on Security, Google and its employees aren't among the 76% of businesses that have been victims of phishing attacks in the last year. In fact, not one of the company's employees work accounts has been successfully phished since 2017, thanks to hardware 2FA security keys. Read More
Earlier in the month, Google released an official statement on a particularly virulent phishing email imitating Google Docs that was doing the rounds. That same day, coincidentally or not, an update to the Gmail Android app added a special warning page that pops up every time a link in one of the suspect emails is clicked. Now, Google is implementing further changes to help prevent future scams of this type. Read More
Perhaps due to today's outbreak of a widespread phishing scam, or simply by coincidence, Google is rolling out enhanced anti-phishing security checks in Gmail for Android. When users tap on a suspicious link, the above warning will now appear. Read More
Phishing emails are annoying and potentially dangerous, but very rarely do we see one as nefarious as this. A specific email, shown above, has been making waves in the news and Google has released an official statement regarding it. Read More
Google's Safe Browsing feature has been around since 2007, and has protected millions of people from harmful threats on the internet. It's a blacklist of harmful websites, such as those distributing malware and phishing scams, that Google actively updates every day. The database is used by Chrome, Firefox, and even Safari to ensure users can be as safe as possible online.
Back at Google I/O, Google announced they would make an official API for applications to check a given website in the Safe Browsing database. Starting with Google Play Services 9.4, developers can finally use the API in their apps.
The Safe Browsing API uses the latest version of the Safe Browsing Network Protocol, meaning it's designed to be as quick (and use up as little cellular data) as possible. Read More
See that email in the featured image of this post? It's junk. Several developers have received this and rightfully felt very nervous, but it is simply a scheme to get you to turn over your Google credentials to scammers. It isn't the cleverest phishing expedition we've ever seen, but it certainly is better than most. First of all, it is not filled with the kind of typographical and grammatical errors you often see. Also, the biggest giveaway of what is going on is obscured when viewing from Gmail. Read More