A user of mine was recently prompted by an app purporting to be from Google to re-enter their password on their personal phone. This prompt was derived in the form of an un-dismissible notification.
Upon clicking the notification, a message appeared saying “There’s been a change to your Google Account. For your security, sign in again.”
Other than the fact that this does look and feel like a legitimate request, a number of indicators made the user (and myself) suspicious.
- None of the Google services (Gmail, Google Maps etc.) had been signed out, despite the wording of the message asking the user to sign in again.
- Two-factor authentication is enabled, although the Android device that is displaying the notification is used to receive the second factor. The second factor, once received, is automatically used by the app without the user needing to take any action.
- Upon checking active connections, an HTTP connection on TCP/443 and a VNC connection on TCP/5228 had been established. The VNC connection is unexplained, and could be a false positive down to the way the SockStat app guesses services on the port.
- Looking at recent logins, this login is not listed.
- The installation of 3rd-party apps has been enabled in the past, as the user is IT-based and has installed 3rd-party utilities (although not in recent memory, and they have since been removed).
- The phone has no anti-virus installed.
- The user browses the internet with “reckless abandon”.
What practical steps can be taken on the phone by a user to confirm that this app is legitimate and not a phishing attempt before entering their password?
(Question title: How to confirm that a ‘Google Play Services’ app isn’t a phishing attempt?)
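One way to answer the question above from a workstation with adb, as an added example that is not part of the original post: list which package is actually posting the notification, then verify that package's APK signing certificate with apksigner against the fingerprint of the genuine app taken from a known-good device. The `pkg=` field layout of `dumpsys notification`, the `/tmp/suspect.apk` path and the `EXPECTED_SHA256` placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Triage a suspicious "sign in
# again" notification on Android over adb: (1) find which package posted it,
# (2) compare that package's signing-certificate fingerprint with the one
# expected for the genuine app. Requires adb and apksigner (SDK build-tools).
# EXPECTED_SHA256 is a placeholder: fill it in from a known-good device.

EXPECTED_SHA256="${EXPECTED_SHA256:-PLACEHOLDER_SHA256_OF_GENUINE_SIGNER}"

# Print the unique package names that currently have notifications posted.
# Reads the text of `adb shell dumpsys notification --noredact` on stdin;
# assumes each NotificationRecord line carries a "pkg=<name>" field.
posting_packages() {
    grep -o 'pkg=[A-Za-z0-9_.]*' | cut -d= -f2 | sort -u
}

# Compare an observed certificate fingerprint with the expected one,
# ignoring case and colon separators. Returns 0 on match, 1 otherwise
# (an empty observed value never matches).
fingerprint_matches() {
    observed=$(printf '%s' "$1" | tr -d ':' | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
    [ -n "$observed" ] && [ "$observed" = "$expected" ]
}

# Pull the package's APK and check its signer (live adb call).
verify_package_signer() {
    pkg="$1"
    apk_path=$(adb shell pm path "$pkg" | head -n1 | sed 's/^package://' | tr -d '\r')
    adb pull "$apk_path" /tmp/suspect.apk >/dev/null
    observed=$(apksigner verify --print-certs /tmp/suspect.apk \
        | grep -o 'SHA-256 digest: [0-9a-f]*' | head -n1 | awk '{print $3}')
    if fingerprint_matches "$observed" "$EXPECTED_SHA256"; then
        echo "$pkg: signer matches expected certificate"
    else
        echo "$pkg: SIGNER MISMATCH (observed ${observed:-none}); treat as untrusted"
    fi
}

# The live sweep only runs with ADB_LIVE=1 so the file can be sourced safely.
if [ "${ADB_LIVE:-0}" = "1" ]; then
    adb shell dumpsys notification --noredact | posting_packages | while read -r pkg; do
        verify_package_signer "$pkg"
    done
fi
```

A package that is not `com.google.android.gms`, or whose signer does not match, is the thing to remove before any password is typed.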