Beware of Sneaky Google Phishing Scam Exploiting Security

Scammers are exploiting Google and PayPal tools to craft phishing emails that bypass security checks. These emails, appearing as urgent alerts from 'no-reply@google.com', trick users into revealing credentials. The scam uses Google's 'Sites' app to create realistic phishing sites and emails, bypassing DKIM authentication. Google is now addressing this security flaw after initial dismissal.

Published April 21, 2025 at 11:13 AM EDT in Cybersecurity

In an alarming development, scammers are leveraging Google and PayPal's tools to create phishing emails that evade standard security checks. This sophisticated scam involves emails that appear to originate from 'no-reply@google.com', presenting themselves as urgent subpoenas related to law enforcement inquiries into the recipient's Google Account.

The scam exploits Google's 'Sites' web-building app to craft phishing websites and emails that mimic legitimate communications. These emails pass DomainKeys Identified Mail (DKIM) authentication, a check designed to detect forged senders, because Google's own infrastructure generates and signs them. The scammers enter the full text of the phishing message as the name of their fake app, and Google then pastes that name into the notification it sends to the targeted address.

When these emails are forwarded to a user's Gmail inbox, they keep their signed and valid status, because DKIM only verifies that the signed headers and body are unchanged, not who relayed the message. This tactic was also used in a similar attack targeting PayPal users, demonstrating the scam's versatility and reach.

The phishing emails direct recipients to a seemingly authentic support portal hosted on sites.google.com, rather than the genuine accounts.google.com, in hopes that the subtle difference goes unnoticed. This approach underscores the importance of vigilance and attention to detail in identifying phishing attempts.
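The two paragraphs above describe why a valid DKIM signature is not enough on its own: the signature is genuine, so the useful signal is where the "support portal" link points. The following triage script is an added example written for this article, not code from Google or from the researcher; it parses a constructed message modelled on the pattern described (placeholder DKIM tags, illustrative addresses and URL), checks whether the DKIM signing domain aligns with the From domain, and then flags links to sites.google.com rather than accounts.google.com. It does not verify the signature cryptographically; it assumes the receiving MTA already did, which is exactly the situation the article describes.

```python
"""Heuristic triage for the DKIM-replay phishing pattern described above.

Added example, not code from the article, Google or the researcher. The DKIM
signature is not validated here (a real pipeline would use a library such as
dkimpy for that); the script assumes the signature already passed upstream and
shows why header alignment alone is not a sufficient signal.
"""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Constructed sample, modelled on the pattern in the article. The DKIM tags
# (selector, hashes, signature value) are placeholders, not real values.
SAMPLE_EMAIL = b"""\
From: Google <no-reply@google.com>
To: user@example.com
Subject: Security alert: law enforcement subpoena for your Google Account
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=placeholder-selector; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Content-Type: text/plain; charset=utf-8

A subpoena has been served on Google for your account. Review the case at
https://sites.google.com/view/example-support-portal/home within 24 hours.
"""

# Where a genuine Google account notice would send the user to sign in.
EXPECTED_LOGIN_HOST = "accounts.google.com"
# Google-owned hosts that serve user-generated content. A "sign in" link to one
# of these is the tell the article describes; only sites.google.com comes from
# the article, and the set is meant to be extended by the operator.
USER_CONTENT_HOSTS = {"sites.google.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def dkim_signing_domain(msg):
    """Return the d= tag of the first DKIM-Signature header, or None."""
    sig = msg.get("DKIM-Signature")
    if not sig:
        return None
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", str(sig))
    return m.group(1).lower() if m else None


def from_domain(msg):
    """Return the domain part of the From address, or None."""
    m = re.search(r"@([\w.-]+)", str(msg.get("From", "")))
    return m.group(1).lower() if m else None


def body_text(msg):
    """Concatenate every text/plain and text/html part of the message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            parts.append(part.get_content())
    return "\n".join(parts)


def suspicious_links(text):
    """URLs whose host serves user content instead of the expected login host."""
    found = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host in USER_CONTENT_HOSTS and host != EXPECTED_LOGIN_HOST:
            found.append(url)
    return found


def triage(raw):
    """Return a dict of findings for one raw RFC 5322 message (bytes)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    d = dkim_signing_domain(msg)
    f = from_domain(msg)
    links = suspicious_links(body_text(msg))
    # Alignment passes for the replayed notification: d=google.com, From google.com.
    aligned = d is not None and f is not None and (f == d or f.endswith("." + d))
    return {
        "dkim_domain": d,
        "from_domain": f,
        "dkim_aligned": aligned,
        "suspicious_links": links,
        # Aligned DKIM plus a login link on a user-content host is the replay pattern.
        "verdict": "suspicious" if links else "no finding",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

Run against the constructed sample, the message comes back DKIM-aligned and still suspicious, which is the point: a mail gateway that stops at "DKIM passed and From matches" lets this through, while a link-host check catches it. In a real deployment the host set and the expected login host belong in configuration, and the script should be fed the raw message after the MTA's own authentication results, not before.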

Nick Johnson, a developer with Ethereum Name Service, encountered this phishing scam and reported it to Google as a security flaw. Initially, Google dismissed the issue as 'working as intended', but has since acknowledged the problem and is working on a solution.

This incident highlights the evolving nature of cybersecurity threats and the need for continuous adaptation of security measures. Organizations and individuals must remain informed and prepared to counteract such sophisticated phishing tactics.
