ANYONE can read your emails in Gmail and Outlook with troubling new hack, Google warns


Gmail and Outlook users have been put on red alert after hackers discovered a way to read every email in a victim’s inbox. This terrifying new attack is being carried out by a hacking group called Charming Kitten, Google explained in a blog post online. The sneaky attack manages to covertly access the email inboxes of Gmail, Outlook and Yahoo! Mail users and is also capable of deleting any emails victims get saying their security has been compromised.

Once access has been gained to an account, emails can be downloaded by the hackers and then marked as unread – so when a victim logs in there will be no signs that they’ve been hacked.

While this new attack sounds terrifying, the good news is that so far it has only been used to target a small number of high-profile individuals.

The attacks, which allegedly are being carried out by an espionage threat group that say they are being supported by the Iranian government, use a hacking tool called HYPERSCRAPE.

According to a report by Google’s Threat Analysis Group (TAG), this tool is “used to steal user data from Gmail, Yahoo!, and Microsoft Outlook accounts”.

The attacks have been used on fewer than two dozen accounts in Iran, with Google notifying affected users who took steps to re-secure their Gmail accounts.


The oldest HYPERSCRAPE attack dates back to 2020, and the hacking tool uses a spoofing technique which makes it seem like an outdated browser.

This lets it access email inboxes in a basic HTML view and then go through messages one by one.

Google said it had published its findings to help “raise awareness on bad actors like Charming Kitten within the security community, and for companies and individuals that may be targeted.”

If you’re a high-risk individual who could be targeted by this attack, Google recommends you join its Advanced Protection Programme (APP).

And even if you’re not, it’s still a good idea to ensure you take advantage of as many security features as possible to help lock down your email account, including using two-factor authentication (2FA) where available and making sure you use a unique password that hasn’t been featured in any previous data breaches.

You can double check if any of your accounts have been compromised by heading to the haveibeenpwned website.

Simply enter your email address or phone number and you’ll find out if you’ve been the victim of any data breach, with details specifically on when the breach happened and what information was compromised.
