A sophisticated phishing attack has exploited Google's infrastructure, sending legitimate-looking emails from no-reply@google.com, passing DKIM checks. The emails alert recipients about a fictitious subpoena, directing them to click a link leading to a fraudulent Google Sites page. This site mimics Google's Support page and collects credentials. The complexity arises from the ease of using Google Sites to create these replicas, alongside a lack of effective abuse reporting mechanisms, highlighting challenges in detecting and countering such threats.
The first thing to note is that this is a valid, signed email - it really was sent from no-reply@google.com, it passes the DKIM signature check.
sites.google.com is a legacy product from before Google got serious about security; it allows users to host content on a google.com subdomain.
Collection
[
|
...
]