Beware of this sneaky Google phishing scam

May 31, 2025

Phishing scammers are now posing as Google, sending out urgent emails from what looks like "[email protected]," claiming there's a subpoena from "law enforcement" about the recipient's Google Account. *Bleeping Computer* reveals that these fraudsters are using Google's "Sites" platform to craft convincing phishing emails and websites, designed to scare users into handing over their login details.

According to the email authentication experts at EasyDMARC, these scam emails manage to sidestep Google's DomainKeys Identified Mail (DKIM) checks by using Google's own tools. The scammers put the entire text of the email into the name of their fake app, which Google then automatically sends out from its own system, so the message appears legitimate.

Ross Richendrfer, a spokesperson for Gmail Security Communications, shared Google's response: “We’re aware of this class of targeted attack from this threat actor, and have rolled out protections to shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”

When these scam emails are forwarded to a user's Gmail, they stay signed and seem valid because DKIM only verifies the original message and headers. This same DKIM relay trick was used last month to target PayPal users. The phishing email directs victims to a seemingly official support page on sites.google.com, rather than the genuine accounts.google.com, banking on the user not noticing the difference.
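The two signals described above (a validly signed message that reached a mailbox it was never addressed to, and a link to sites.google.com instead of accounts.google.com) can be checked mechanically. The following Python triage sketch is an added example, not code from Google, EasyDMARC or Bleeping Computer; the sample message is constructed, and the use of the `Delivered-To` and `Authentication-Results` headers with a `header.d` value is an assumption about what the receiving mail system records.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlsplit

# Constructed sample, not a real capture; every address and URL is a placeholder.
SAMPLE = (
    "Delivered-To: reader@example.org\n"
    "Authentication-Results: mx.example.org; dkim=pass header.d=google.com\n"
    "From: Google <alerts@google.com>\n"
    "To: me@relay.example\n"
    "Subject: Security alert\n"
    "\n"
    "A subpoena was served on your account. Review the case at\n"
    "https://sites.google.com/view/placeholder-support-page\n"
)

USER_CONTENT_HOSTS = {"sites.google.com"}  # user-built pages, per the article


def replay_indicators(raw):
    """Return heuristic findings for a message whose DKIM check passed."""
    msg = message_from_string(raw)
    findings = []
    auth = msg.get("Authentication-Results", "")
    match = re.search(r"dkim=pass\b[^;]*header\.d=([\w.-]+)", auth)
    if not match:
        return findings  # no passing signature, so replay is not the question
    signed = match.group(1).lower()

    # DKIM covers the signed headers, not the final mailbox: a recipient absent
    # from To/Cc was reached some other way, such as a later relay or forward.
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    listed = {addr.lower() for _, addr in getaddresses(fields)}
    delivered = (msg.get("Delivered-To") or "").strip().lower()
    if delivered and delivered not in listed:
        findings.append("relayed: %s not in signed To/Cc" % delivered)

    # A link to user-built pages under the signer's domain is not a sign-in page.
    body = "".join(part.get_payload(decode=True).decode("utf-8", "replace")
                   for part in msg.walk() if part.get_content_maintype() == "text")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlsplit(url).hostname or "").lower()
        if host in USER_CONTENT_HOSTS and host.endswith("." + signed):
            findings.append("user-hosted link: %s" % host)
    return findings
```

Bcc and mailing-list deliveries also trip the first check, so it is a triage signal to combine with the link check rather than a verdict on its own.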

Nick Johnson, a developer at Ethereum Name Service, fell victim to this Google phishing scam. He reported it as a misuse of Google OAuth applications, and Google initially dismissed the report as "working as intended." However, after reconsideration, Google is now addressing the issue.

Update, April 21st: Added statement from Google.

Comments (1)
JackHernández July 30, 2025 at 9:42:05 PM EDT

This scam sounds wild! 😱 Fake Google emails pretending to be law enforcement? That's next-level sneaky. Gotta double-check every email now, ugh.
