Google has alerted its 3 billion Gmail users about a sophisticated phishing scam that is tricking even seasoned tech professionals. Developer Nick Johnson recently shared his experience of nearly falling victim to an email that impersonated a legitimate Google address. The email, disguised as a subpoena related to his Google account, contained links to a fake support portal mimicking real Google pages. While Google has addressed the loophole, it urges users to enable two-factor authentication to bolster security against such threats.
"Recently I was targeted by an extremely sophisticated phishing attack. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more."
"The only hint it’s a phish is that it’s hosted on sites.google.com instead of accounts.google.com."
"From there, presumably, they harvest your login credentials and use them to compromise your account."
"In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns."
Collection
[
|
...
]