A new phishing scheme is leveraging vulnerabilities in Google's infrastructure, making its emails and websites seem legitimate. Developer Nick Johnson shared his experience of receiving an email alleging that Google had been subpoenaed for his data. The email was well constructed, passed security checks, and originated from a genuine Google address, increasing its apparent authenticity. Victims are then led to a fraudulent Google support page hosted on Google Sites, where they are prompted to enter sensitive credentials, putting their accounts at risk if they proceed.
This recent phishing attack exploits legitimate Google features to send crafted emails that bypass some traditional security measures, targeting victims by masquerading as official communications.
The scam email passed DKIM signature checks and originated from a legitimate Google address, making it especially deceptive as it appeared fully authentic.
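A triage heuristic for the pattern described above, as an added example that is not from the article or from Google: it flags mail that authenticates as google.com via DKIM yet links to a page on Google Sites, where anyone can publish. The sample messages, the `triage` function and the reliance on a `header.d` property in `Authentication-Results` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the only user-publishable host tracked is Google Sites, as named in the article.
USER_CONTENT_HOSTS = {"sites.google.com"}
PROVIDER_DOMAIN = "google.com"
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Assumption: the receiving server records the signing domain as header.d (RFC 8601 style).
DKIM_RE = re.compile(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", re.IGNORECASE)

# Constructed sample messages, not the real email from the incident.
PHISH_LIKE = (
    "From: Google <no-reply@google.com>\n"
    "Authentication-Results: mx.example.net; dkim=pass header.d=google.com\n"
    "Subject: Security alert\n"
    "\n"
    "A subpoena was served for your account data. Review the case:\n"
    "https://sites.google.com/view/constructed-example/support\n"
)
BENIGN = (
    "From: Google <no-reply@google.com>\n"
    "Authentication-Results: mx.example.net; dkim=pass header.d=google.com\n"
    "Subject: Security alert\n"
    "\n"
    "Review recent activity: https://myaccount.google.com/notifications\n"
)

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw_message):
    """Return findings for mail that authenticates as the provider but links to user content."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    auth = " ".join(msg.get_all("Authentication-Results", []))
    dkim_ok = any(result.lower() == "pass" and in_domain(d, PROVIDER_DOMAIN)
                  for result, d in DKIM_RE.findall(auth))
    # Only authenticated provider mail is in scope; failed DKIM is left to other controls.
    if not (dkim_ok and in_domain(from_domain, PROVIDER_DOMAIN)):
        return []
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    findings = []
    for url in URL_RE.findall(body):
        if (urlsplit(url).hostname or "").lower() in USER_CONTENT_HOSTS:
            findings.append(f"DKIM-valid {PROVIDER_DOMAIN} mail links to user-published page: {url}")
    return findings
```

A DKIM pass only shows that the signing domain sent the message; it says nothing about who authored the content or where its links lead, which is why the check looks at link destinations separately.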