Google Warns Gmail Users of Sophisticated Phishing Scam Using Legit Domains and Security Bypass Tricks

Google cautions Gmail users about a new phishing scam that uses legitimate-looking emails to steal credentials, advising them to be alert and adopt better security measures such as 2FA and passkeys.

Google has cautioned all Gmail users about a new and dangerous phishing campaign that aims to trick them into disclosing their login credentials. The fraudulent emails appear official and trustworthy, and even pass Google's own security checks, which makes them all the more dangerous.

Nick Johnson, a developer, discovered the scam after receiving an email from "no-reply@google.com" saying a subpoena had been issued for his Google Account data. The email seemed authentic, and it contained a link that looked like a real Google support page. However, the URL took users to a fake Google sign-in page hosted on sites.google.com, a valid Google domain. Once users entered their credentials, the attackers had complete access to their accounts.

What's more disturbing is that the email passed advanced security measures like DKIM (DomainKeys Identified Mail) and appeared in the same Gmail thread as genuine Google security alerts. This made it much harder to identify as fraudulent.

Google confirms that the attackers bypassed its security measures using clever OAuth and DKIM techniques. The company is actively working on a fix, which it says will be fully deployed soon. In the meantime, users should exercise extra caution.
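The point that a passing DKIM check does not vouch for where an email's links lead can be made concrete with a small triage script. The following is an added example, not code from the article or from Google: it parses a raw message with Python's standard `email` module, reads the `Authentication-Results` header, and flags links that point at user-hosted content on an otherwise legitimate Google domain (sites.google.com, as in the campaign above). The sample messages are constructed for the example, and the `USER_CONTENT_HOSTS` set is an assumption you would extend for your own environment.

```python
import email
import email.policy
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, modelled on the campaign described in the article:
# sender no-reply@google.com, DKIM passes, but the link goes to sites.google.com.
SUSPICIOUS_EML = """\
From: Google <no-reply@google.com>
To: user@example.com
Subject: Security alert: legal request for your account data
Authentication-Results: mx.google.com; dkim=pass header.i=@google.com
Content-Type: text/html; charset=utf-8

<html><body><p>A subpoena has been served for your account data.</p>
<p><a href="https://sites.google.com/view/constructed-example-page">Review the case</a></p>
</body></html>
"""

# Constructed benign sample for contrast: same sender, link to a first-party host.
BENIGN_EML = """\
From: Google <no-reply@google.com>
To: user@example.com
Subject: Security alert: new sign-in
Authentication-Results: mx.google.com; dkim=pass header.i=@google.com
Content-Type: text/html; charset=utf-8

<html><body><p>A new sign-in was detected.</p>
<p><a href="https://myaccount.google.com/notifications">Check activity</a></p>
</body></html>
"""

# Hosts on a trusted domain that serve user-uploaded content. sites.google.com is the
# host named in the article; treating this as the full list is an assumption.
USER_CONTENT_HOSTS = {"sites.google.com"}

LINK_RE = re.compile(r"https?://[^\s\"'<>]+")


def extract_links(msg: email.message.EmailMessage) -> list[str]:
    """Return every http(s) URL found in the preferred (HTML, else plain) body part."""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    return LINK_RE.findall(text)


def dkim_passed(msg: email.message.EmailMessage) -> bool:
    """True if the receiving MTA recorded dkim=pass in Authentication-Results."""
    return "dkim=pass" in str(msg.get("Authentication-Results", "")).lower()


def triage(raw: str) -> dict:
    """Classify a raw RFC 5322 message by sender domain, DKIM result and link targets."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    suspicious = [
        link for link in extract_links(msg)
        if (urlparse(link).hostname or "").lower() in USER_CONTENT_HOSTS
    ]
    # A passing DKIM signature only shows the signed content came from the signing
    # domain; it says nothing about what the links inside that content point to,
    # so the link check runs regardless of the authentication result.
    return {
        "sender_domain": sender_domain,
        "dkim_pass": dkim_passed(msg),
        "suspicious_links": suspicious,
        "verdict": "suspicious" if suspicious else "no link finding",
    }


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_EML), ("benign", BENIGN_EML)):
        print(name, triage(raw))
```

Both samples carry `dkim=pass` and the same sender, so a rule keyed on DKIM alone would wave both through; only the link-host check separates them. In a mail gateway this kind of rule belongs alongside, not instead of, the usual reputation and sandbox checks.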

To stay safe, Gmail users should:

  • Avoid opening links in unexpected security emails.
  • Always access their Google accounts via the official website.
  • Enable two-factor authentication (2FA) and use passkeys for added protection.

This incident is a stark reminder that mail from seemingly reliable sources can be harmful. Staying cautious and confirming messages directly through reputable websites is vital for protecting your information.

This article is based on information from Money Control