Beware of this sneaky Google phishing scam

May 31, 2025

Phishing scammers are now posing as Google, sending out urgent emails from what looks like "[email protected]," claiming there's a subpoena from "law enforcement" about the recipient's Google Account. *Bleeping Computer* reveals that these fraudsters are using Google's "Sites" platform to craft convincing phishing emails and websites, designed to scare users into handing over their login details.

According to the email authentication experts at EasyDMARC, these scam emails manage to sidestep Google's DomainKeys Identified Mail (DKIM) checks by using Google's own tools. The scammers enter the entire email text as the name of a fake app, and Google then automatically sends that text out from its own system, which makes the message appear legitimate.

Ross Richendrfer, a spokesperson for Gmail Security Communications, shared Google's response: “We’re aware of this class of targeted attack from this threat actor, and have rolled out protections to shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”

When these scam emails are forwarded to a user's Gmail, they stay signed and seem valid because DKIM only verifies the original message and headers. This same DKIM relay trick was used last month to target PayPal users. The phishing email directs victims to a seemingly official support page on sites.google.com, rather than the genuine accounts.google.com, banking on the user not noticing the difference.
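A triage check for the relay pattern described above, written as an added example that is not from the article or from Google. It assumes a single-part plain-text message whose receiving server adds `Authentication-Results` and `Delivered-To` headers; every address, host and path in the sample is constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample of a relayed, still-signed message. Every address, host
# and path is an invented placeholder, not an indicator from the real campaign.
SAMPLE = """\
Delivered-To: victim@example.net
Authentication-Results: mx.example.net;
 dkim=pass header.i=@google.com header.d=google.com;
 spf=pass smtp.mailfrom=bounce@relay.example.org
From: Google <sender-placeholder@google.com>
To: me@forwarder.example
Subject: Security alert

A subpoena was served on your account. Review the case at
https://sites.google.com/view/constructed-example/home
"""

GENUINE_HOST = "accounts.google.com"    # sign-in host named in the article
USER_CONTENT_HOST = "sites.google.com"  # user-built pages, named in the article

def triage(raw: str) -> list[str]:
    """Return reasons a DKIM-passing message still deserves a closer look."""
    msg = message_from_string(raw)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    signed = re.search(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", auth)
    if not signed:
        return ["no passing DKIM result; not the relay case described here"]
    findings = []
    # DKIM covers the body and signed headers, not the SMTP envelope, so a
    # relayed copy still verifies for a mailbox it was never addressed to.
    delivered = (msg.get("Delivered-To") or "").strip().lower()
    listed = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(listed)}
    if delivered and delivered not in visible:
        findings.append(f"dkim=pass for {signed.group(1)}, but {delivered} is not in To/Cc")
    # A valid signature says nothing about where the links in the body lead.
    hosts = {h.lower() for h in re.findall(r"https?://([\w.-]+)", msg.get_payload())}
    if USER_CONTENT_HOST in hosts:
        findings.append(f"links go to {USER_CONTENT_HOST}, not {GENUINE_HOST}")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("FLAG:", reason)
```

Bcc and mailing-list deliveries also trip the recipient check, so treat each finding as a triage signal to combine with others, not a verdict.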

Nick Johnson, a developer at Ethereum Name Service, fell victim to this Google phishing scam. He reported it as a misuse of Google OAuth applications, and Google initially dismissed the report as "working as intended." However, after reconsideration, Google is now addressing the issue.

Update, April 21st: Added statement from Google.
