Google tackles new Gmail phishing scam
Google has confirmed that it is addressing a new phishing attack targeting Gmail users, which recently gained widespread attention.
The attack, which uses the Google Sites feature to fake legitimate domain names, appears able to bypass Gmail's DKIM signature check, which filters for scams and suspicious mail, News.Az reports, citing Newsweek.
With 1.8 billion user accounts across the world, Gmail is one of the most important email providers active today, and any breach to its security could have huge ramifications for millions of people. Phishing attacks often attempt to get people to share personal information, like Social Security numbers, which enables criminals to access finances.
Reports of the attack first emerged when cryptocurrency influencer Nick Johnson posted a thread on X, formerly Twitter, outlining the scam.
"The first thing to note is that this is a valid, signed email—it really was sent from no-reply@google.com," Johnson wrote.
"It passes the DKIM signature check, and Gmail displays it without any warnings—it even puts it in the same conversation as other, legitimate security alerts."
"The site's link takes you to a very convincing 'support portal' page. They've cleverly used http://sites.google.com because they know people will see the domain is http://google.com and assume it's legit."
Google's DKIM signature check normally filters emails from a suspicious origin to a spam folder, but because the attack uses a domain generated by Google Sites, the check sees the origin as legitimate, placing the email in inboxes like other alerts.
In a statement to Newsweek, Google confirmed that it was aware of the attack and was taking steps to ensure it was properly dealt with.
A spokesperson for Google said: "We're aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week. These protections will soon be fully deployed, which will shut down this avenue for abuse.
"In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns."
News.Az
