In a highly sophisticated phishing campaign, hackers are said to have successfully exploited Google’s infrastructure to send deceptive emails that appear to come from a legitimate Google address to trick users into handing over their login credentials.
The attack, brought to light recently by Nick Johnson, lead developer of the Ethereum Name Service (ENS), involved emails sent from no-reply@google.com that passed DomainKeys Identified Mail (DKIM) authentication — fooling Gmail into treating them as authentic security alerts. “These emails are valid, signed, and display no warnings in Gmail,” Johnson said on X (formerly Twitter).
“They appear in the same thread as real Google security alerts, making them even more convincing.”
The emails claim to notify recipients of a subpoena involving unspecified content from their Google Account and prompt users to click a sites.google.com link to “examine the case materials” or “submit a protest.” The link leads to a counterfeit Google Support page hosted on Google Sites, where users are asked to either “upload additional documents” or “view [the] case.” These buttons redirect to a near-perfect replica of the Google Account sign-in page—designed to harvest user credentials.
“The only hint it’s a phishing attack is that it’s hosted on ‘sites.google.com’ instead of ‘accounts.google.com’,” Johnson noted. Johnson warned that the realistic design and subtle domain differences make the phishing attempt especially dangerous. “These scams are designed to look as real as possible,” he said. “Users who don’t spot the slightly altered domain could risk identity theft or financial loss.”
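As an added example (not part of the original report), a small Python check a mail-security team could run over a Google-branded alert: it records the DKIM result for the analyst but keys its verdict on where the call-to-action link actually points, since a DKIM pass proved nothing in this campaign. The two sample messages, the host list and the lure words are constructed assumptions for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Google-owned hosts that serve arbitrary user content (where the lure page lived).
USER_CONTENT_HOSTS = {"sites.google.com"}
# Lure wording taken from the campaign described above.
LURE_WORDS = ("subpoena", "case materials", "submit a protest")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def classify_alert(raw: bytes) -> dict:
    """Flag a Google-branded mail whose call-to-action points at user-hosted content."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part else ""
    hosts = {urlparse(u).hostname for u in URL_RE.findall(text)}
    user_content = sorted(h for h in hosts if h in USER_CONTENT_HOSTS)
    reasons = [f"link to user-content host {h}" for h in user_content]
    if any(w in text.lower() for w in LURE_WORDS):
        reasons.append("legal-threat lure wording")
    # DKIM is recorded for the analyst but is deliberately not a safety signal:
    # the messages in this campaign passed DKIM.
    dkim_pass = "dkim=pass" in msg.get("Authentication-Results", "")
    return {"from": str(msg["From"]), "dkim_pass": dkim_pass,
            "user_content_hosts": user_content,
            "suspicious": bool(user_content), "reasons": reasons}

# Constructed sample modelled on the lure described above (not a captured message).
PHISH = b"""From: Google <no-reply@google.com>
Authentication-Results: mx.example.net; dkim=pass header.d=google.com
Content-Type: text/plain; charset=utf-8

A subpoena was served requiring disclosure of content from your Google Account.
Examine the case materials or submit a protest at
https://sites.google.com/view/constructed-example/home
"""

# Constructed benign counterpart: same sender, but the link goes to the sign-in host.
LEGIT = b"""From: Google <no-reply@google.com>
Authentication-Results: mx.example.net; dkim=pass header.d=google.com
Content-Type: text/plain; charset=utf-8

A new sign-in was detected. Review the activity at
https://accounts.google.com/signin
"""

if __name__ == "__main__":
    for sample in (PHISH, LEGIT):
        print(classify_alert(sample))
```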