{"id":9864,"date":"2021-08-03T11:01:25","date_gmt":"2021-08-03T08:01:25","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9864"},"modified":"2021-08-03T11:01:25","modified_gmt":"2021-08-03T08:01:25","slug":"google-script-phishing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/google-script-phishing\/9864\/","title":{"rendered":"Google Apps Script ile Kimlik Av\u0131"},"content":{"rendered":"<p>Sald\u0131rganlar\u0131n, \u015firket \u00e7al\u0131\u015fanlar\u0131ndan kurumsal e-posta bilgilerini \u00e7almak i\u00e7in \u00f6nce \u015firketin e-posta sunucular\u0131ndaki kimlik av\u0131 kar\u015f\u0131t\u0131 \u00e7\u00f6z\u00fcmleri a\u015fmalar\u0131 gerekiyor. Fark edilmemek i\u00e7in de yasal internet hizmetlerini, yani bir JavaScript tabanl\u0131 komut dosyas\u0131 platformu olan Google Apps Script\u2019i giderek daha da \u00e7ok kullan\u0131yorlar.<\/p>\n<h2>Peki Apps Script nedir ve sald\u0131rganlar bunu nas\u0131l kullan\u0131yor?<\/h2>\n<p>Apps Script, \u00fc\u00e7\u00fcnc\u00fc parti uygulamalar\u0131 ve Google \u00fcr\u00fcnleri i\u00e7erisinde yap\u0131lan g\u00f6revleri otomatikle\u015ftirmek i\u00e7in kullan\u0131lan (\u00f6rne\u011fin, Google Docs i\u00e7in eklenti olu\u015fturmak) JavaScript tabanl\u0131 bir platformdur. Temelde komut dosyas\u0131 olu\u015fturmak ve bunlar\u0131 Google alt yap\u0131s\u0131 i\u00e7inde y\u00fcr\u00fctmek i\u00e7in olu\u015fturulmu\u015f bir hizmettir.<\/p>\n<p>Sald\u0131rganlar e-posta kimlik av\u0131 sald\u0131r\u0131lar\u0131nda bu hizmeti y\u00f6nlendirme i\u00e7in kullan\u0131r. Siber su\u00e7lular mesaja do\u011frudan k\u00f6t\u00fc ama\u00e7l\u0131 bir internet sitesinin URL\u2019sini eklemek yerine bir <em>komut dosyas\u0131na<\/em> ba\u011flant\u0131 yerle\u015ftirebilirler. Bu \u015fekilde e-posta sunucusu seviyesindeki kimlik av\u0131na kar\u015f\u0131 koruma \u00e7\u00f6z\u00fcmleri atlatabilirler. Zaten \u00e7ok bilinen yasal bir Google sitesine y\u00f6nlendiren k\u00f6pr\u00fcler \u00e7o\u011fu filtreden rahatl\u0131kla ge\u00e7ebilir. Tespit edilemeyen kimlik av\u0131 sitelerinin daha uzun s\u00fcre aktif kalmas\u0131 da siber su\u00e7lular\u0131n i\u015fine yarar. Bu sald\u0131r\u0131 ayn\u0131 zamanda sald\u0131rganlara, gerekirse komut dosyas\u0131n\u0131 de\u011fi\u015ftirebilme (g\u00fcvenlik \u00e7\u00f6z\u00fcmleri onlar\u0131 tespit ederse) ve i\u00e7erik teslimi denemeleri yapabilme (\u00f6rne\u011fin kurbanlara, bulunduklar\u0131 yere g\u00f6re ayn\u0131 sitenin farkl\u0131 s\u00fcr\u00fcmlerini g\u00f6nderme) \u00f6zg\u00fcrl\u00fc\u011f\u00fc verir.<\/p>\n<h2>Google Apps Script kullan\u0131larak yap\u0131lan bir sald\u0131r\u0131 \u00f6rne\u011fi<\/h2>\n<p>Sald\u0131rganlar\u0131n yapmas\u0131 gereken tek \u015fey, kullan\u0131c\u0131n\u0131n bir ba\u011flant\u0131ya t\u0131klamas\u0131n\u0131 sa\u011flamakt\u0131r. Son zamanlarda en s\u0131k g\u00f6r\u00fclen y\u00f6ntem, kurbanlara \u201ce-posta kutusu dolu\u201d mesaj\u0131 g\u00f6ndermek. Teoride, bu sald\u0131r\u0131 ba\u015far\u0131l\u0131 olurmu\u015f gibi g\u00f6r\u00fcn\u00fcyor.<\/p>\n<div id=\"attachment_9865\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9865\" class=\"wp-image-9865 size-large\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2021\/08\/02185843\/google-scripts-phishing-letter-1-1024x321.jpg\" alt=\"\" width=\"1024\" height=\"321\"><p id=\"caption-attachment-9865\" class=\"wp-caption-text\">\u201cE-posta kutusu dolu\u201d mesaj\u0131n\u0131 kullanan tipik bir kimlik av\u0131 e-postas\u0131<\/p><\/div>\n<p>\u00a0<\/p>\n<p>Ama uygulamaya gelince, sald\u0131rganlar genelde dikkatsiz davran\u0131r ve ger\u00e7ek bildirimleri ay\u0131rt edemeyen kullan\u0131c\u0131lara bile bariz g\u00f6r\u00fcnecek baz\u0131 i\u015faretler b\u0131rak\u0131r:<\/p>\n<ul>\n<li>Bu e-posta Microsoft Outlook taraf\u0131ndan g\u00f6nderilmi\u015f gibi g\u00f6r\u00fcn\u00fcyor ama g\u00f6nderenin e-posta adresi farkl\u0131. E-posta kutusunun dolu oldu\u011funa dair ger\u00e7ek bir bildirim, dahili Exchange sunucusundan geliyor olmal\u0131. (Bir ba\u015fka i\u015faret: G\u00f6nderenin ad\u0131, Microsoft Outlook, \u201cO\u201d yerine \u201cs\u0131f\u0131r\u201d ile yaz\u0131lm\u0131\u015f ve arada bo\u015fluk yok.)<\/li>\n<li>Fare imleci \u201cFix this in storage settings\u201d \u00fczerine gelince \u00e7\u0131kan ba\u011flant\u0131 ise kullan\u0131c\u0131y\u0131 \u015fu Google Apps Script sitesine y\u00f6nlendiriyor:<\/li>\n<\/ul>\n<div id=\"attachment_9866\" style=\"width: 464px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9866\" class=\"wp-image-9866 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2021\/08\/02185906\/google-scripts-phishing-address.jpg\" alt=\"\" width=\"454\" height=\"119\"><p id=\"caption-attachment-9866\" class=\"wp-caption-text\">Google Apps Script\u2019e giden e-posta ba\u011flant\u0131s\u0131<\/p><\/div>\n<p>\u00a0<\/p>\n<ul>\n<li>E-posta kutular\u0131 birden bire dolmaz. Depolama alan\u0131 tamamen dolmadan \u00e7ok \u00f6nce Outlook kullan\u0131c\u0131lar\u0131 uyarmaya ba\u015flar. Depolama kapasitesinin aniden 850MB a\u015f\u0131lmas\u0131, genellikle ayn\u0131 anda \u00e7ok say\u0131da spam e-postas\u0131 al\u0131nd\u0131\u011f\u0131 anlam\u0131na gelir, ki bunun olma ihtimali olduk\u00e7a d\u00fc\u015f\u00fckt\u00fcr.<\/li>\n<\/ul>\n<p>Her durumda, ger\u00e7ek bir Outlook bildirimi \u015f\u00f6yle g\u00f6r\u00fcn\u00fcr:<\/p>\n<div id=\"attachment_9867\" style=\"width: 335px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9867\" class=\"wp-image-9867 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2021\/08\/02185938\/google-scripts-phishing-notification.jpg\" alt=\"\" width=\"325\" height=\"188\"><p id=\"caption-attachment-9867\" class=\"wp-caption-text\">E-posta kutusunun dolmak \u00fczere oldu\u011funa dair ger\u00e7ek bir bildirim<\/p><\/div>\n<ul>\n<li>\u201cFix this in storage settings\u201d ba\u011flant\u0131s\u0131 bir kimlik av\u0131 sitesine y\u00f6nlendiriyor. Bu \u00f6rnekte g\u00f6rd\u00fc\u011f\u00fcm\u00fcz, Outlook\u2019un internet aray\u00fcz\u00fcn\u00fcn giri\u015f sayfas\u0131n\u0131n olduk\u00e7a ikna edici bir kopyas\u0131 olsa da, taray\u0131c\u0131n\u0131n adres \u00e7ubu\u011funa bakarsak sayfan\u0131n \u015firketin altyap\u0131s\u0131nda de\u011fil de sahte bir internet sitesinde oldu\u011funu g\u00f6rebiliriz.<\/li>\n<\/ul>\n<h2>Tuza\u011fa d\u00fc\u015fmemek i\u00e7in ne yap\u0131lmal\u0131?<\/h2>\n<p>Tecr\u00fcbelerimize g\u00f6re kimlik av\u0131 e-postalar\u0131 her zaman kimlik av\u0131 ba\u011flant\u0131lar\u0131 i\u00e7ermeyebilir. Bu nedenle g\u00fcvenilir bir kurumsal koruman\u0131n, hem <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security\/mail-server?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">e-posta sunucusu seviyesind<\/a>e hem de <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">kullan\u0131c\u0131lar\u0131n bilgisayar\u0131nda<\/a> kimlik av\u0131na kar\u015f\u0131 koruma yapabilecek \u00f6zellikleri olmal\u0131d\u0131r.<\/p>\n<p>Buna ek olarak, iyi bir koruma sistemi, g\u00fcncel siber tehditleri ve <a href=\"https:\/\/k-asap.com\/tr\/?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______&amp;utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=tr_wpplaceholder_nv0092&amp;utm_content=link&amp;utm_term=tr_kdaily_organic_avmwswubv8qh92b\" target=\"_blank\" rel=\"noopener\">kimlik av\u0131 sald\u0131r\u0131lar\u0131 \u00fczerine \u00e7al\u0131\u015fan fark\u0131ndal\u0131k e\u011fitimi<\/a> vermelidir.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>Doland\u0131r\u0131c\u0131lar, e-posta sunucular\u0131n\u0131n kimlik av\u0131 ba\u011flant\u0131lar\u0131n\u0131 engellemelerini \u00f6nlemek i\u00e7in Google Apps Script \u00fczerinden y\u00f6nlendirmeler kullan\u0131yor.<\/p>\n","protected":false},"author":2598,"featured_media":9868,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[1921,22,1074,2452,2453],"class_list":{"0":"post-9864","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-e-posta","10":"tag-google","11":"tag-kimlik-avi","12":"tag-komut-dosyalari","13":"tag-outlook"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/google-script-phishing\/9864\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/google-script-phishing\/23086\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/google-script-phishing\/18568\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/google-script-phishing\/9286\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/google-script-phishing\/25070\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/google-script-phishing\/23081\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/google-script-phishing\/22421\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/google-script-phishing\/25708\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/google-script-phishing\/25188\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/google-script-phishing\/31108\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/google-script-phishing\/40795\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/google-script-phishing\/17376\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/google-script-phishing\/17836\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/google-script-phishing\/15083\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/google-script-phishing\/27110\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/google-script-phishing\/31288\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/google-script-phishing\/27325\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/google-script-phishing\/24129\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/google-script-phishing\/29463\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/google-script-phishing\/29255\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/kimlik-avi\/","name":"kimlik av\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9864","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2598"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9864"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9864\/revisions"}],"predecessor-version":[{"id":9870,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9864\/revisions\/9870"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9868"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9864"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9864"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}