Beware of this sneaky Google phishing scam

Phishing scammers are now posing as Google, sending out urgent emails from what looks like "[email protected]," claiming there's a subpoena from "law enforcement" about the recipient's Google Account. *Bleeping Computer* reveals that these fraudsters are using Google's "Sites" platform to craft convincing phishing emails and websites, designed to scare users into handing over their login details.
According to the email authentication experts at EasyDMARC, these scam emails manage to sidestep Google's DomainKeys Identified Mail (DKIM) checks. How? By cleverly using Google's own tools. The scammers put the entire phishing text into the name of a fake app; Google's own system then automatically sends out a message containing that name, so it arrives from Google's infrastructure, carrying a valid Google DKIM signature, and appears legitimate.
Ross Richendrfer, a spokesperson for Gmail Security Communications, shared Google's response: “We’re aware of this class of targeted attack from this threat actor, and have rolled out protections to shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”
When these scam emails are forwarded to a user's Gmail, they stay signed and seem valid because DKIM only verifies that the originally signed headers and body are unchanged; forwarding the message does not alter them, so the signature still passes. This same DKIM relay trick was used last month to target PayPal users. The phishing email directs victims to a seemingly official support page on sites.google.com (where anyone can host a page), rather than the genuine accounts.google.com, banking on the user not noticing the difference.
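As an added illustration (not part of the article or of any Google tooling), a small Python triage script that applies the two checks implied by this paragraph to a constructed message: whether the DKIM-signed To: address matches where the mail was actually delivered, and whether a Google-signed message links to the user-hosted sites.google.com instead of accounts.google.com. All header values, addresses and the page URL in the sample are made up.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Constructed sample (not a real capture): Google-signed mail whose signed To: is a
# forwarding mailbox, delivered on to someone else, and linking to sites.google.com.
SAMPLE_EMAIL = """\
Delivered-To: victim@example.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
 s=example; h=from:to:subject:date; bh=PLACEHOLDER_BODY_HASH=; b=PLACEHOLDER_SIG=
From: Google <no-reply@accounts.google.com>
To: me@forwarding-tenant.example
Subject: Security alert: subpoena received for your account
Date: Mon, 21 Apr 2025 10:00:00 +0000
Content-Type: text/plain

Law enforcement has requested data from your Google Account. Review the case:
https://sites.google.com/u/0/d/PLACEHOLDER_PAGE/p/PLACEHOLDER
"""

def parse_dkim_tags(sig: str) -> dict[str, str]:
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = "".join(value.split())
    return tags

def replay_findings(raw: str) -> list[str]:
    """Heuristics for a replayed Google-signed phish; hits are signals, not proof
    (ordinary forwarding rules and mailing lists also break To/Delivered-To agreement)."""
    msg = message_from_string(raw, policy=default)
    findings = []
    tags = parse_dkim_tags(str(msg.get("DKIM-Signature", "")))
    signed_headers = set(tags.get("h", "").lower().split(":"))
    signed_to = msg["To"].addresses[0].addr_spec.lower() if msg["To"] else ""
    delivered_to = str(msg.get("Delivered-To", "")).strip().lower()
    if "to" not in signed_headers:
        findings.append("To: not covered by a DKIM signature; replayable to any recipient")
    elif delivered_to and signed_to != delivered_to:
        findings.append(f"signed To: {signed_to} != Delivered-To: {delivered_to}; relayed")
    # DKIM vouches for the message as the signer sent it, not for where its links lead.
    signer = tags.get("d", "").lower()
    for url in re.findall(r"https?://[^\s<>]+", msg.get_content()):
        host = urlparse(url).hostname or ""
        if signer.endswith("google.com") and host == "sites.google.com":
            findings.append(f"Google-signed mail links to user-hosted {host}, not accounts.google.com")
    return findings
```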
Nick Johnson, a developer at Ethereum Name Service, fell victim to this Google phishing scam. He reported it as a misuse of Google OAuth applications, initially dismissed by Google as "working as intended." However, after reconsideration, Google is now addressing the issue.
Update, April 21st: Added statement from Google.
Comments (1)
JackHernández
July 30, 2025 at 9:42:05 PM EDT
This scam sounds wild! 😱 Fake Google emails pretending to be law enforcement? That's next-level sneaky. Gotta double-check every email now, ugh.