Technology specialist warns of a highly advanced new Gmail scam posing as ‘law enforcement’

This is a digital wolf masquerading as a sheep.

Phishing attempts are becoming nearly indistinguishable from the real thing. Recently, a technology specialist issued a warning about a highly sophisticated Google-spoofing scheme in which cybercriminals use authentic-looking Gmail communications to hijack user accounts.

Nick Johnson, the lead developer at Ethereum Name Service (ENS), shared his experience with this digital trojan horse through a series of posts. “I’ve recently been targeted by a particularly advanced phishing attack, and I want to draw attention to it,” he wrote, describing this chameleon scheme. “We’re likely to see more of these since it exploits a vulnerability in Google’s infrastructure, which they have yet to fix.”

In this instance, the phishing scheme masqueraded as a legitimate law enforcement request.

Even more bewildering, the email appeared to come from an official no-reply Google domain. “This notification warns that a subpoena has been issued to Google LLC by law enforcement agencies seeking to search for information in their Google account,” a screenshot of the message read. “Please refer to the provided Google Support Case to view materials and take steps to submit a protest.”

Clicking on options like Upload Additional Documents or View Case would redirect users to a sign-in page, prompting them to enter their credentials.

“I didn’t investigate further,” Johnson noted.

The message was particularly sinister because it linked to a highly convincing “Support Portal” page.

The cybercriminals also utilized Google Sites, a platform for creating websites without coding skills. “And we assume that it’s legal,” Johnson commented.

To further complicate matters, the technology specialist highlighted that these emails originated from a legitimate Google domain and were mixed in with other real security alerts.

Following this incident, Johnson has urged Google to disable scripts and optional embeddings on their site, which make Gmail vulnerable to phishing.

How did the hackers manage to evade detection? Johnson pointed out “two vulnerabilities” in Google’s infrastructure that remain unaddressed. “Historically, the sites.google.com product dates back to a time before Google prioritized security,” he explained; the product allows anyone to host content on a google.com subdomain.

“Clearly, this makes it easy to set up fraudulent sites. You need to be ready to upload a new version to outsmart Google’s abuse team,” he remarked.

Fortunately, there are methods to identify this deception. One phishing attempt was sent from privatemail.com to the address “me@blah,” while the header showed it as signed by accounts.google.com, the technology specialist noted.

Johnson also pointed out that beneath the phishing message was a large block of whitespace above the text “Google legal support granted access to Google accounts,” along with the suspicious me@… email address again.
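The two header tells described above (a signed-by domain that does not match the mailed-by domain, and a To address that is not the recipient) can be checked mechanically. This is an added example, not code from Johnson or from this article; the sample headers, the address victim@example.com and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed headers modelled on the article's description; not the real message.
PHISH = """\
Delivered-To: victim@example.com
Authentication-Results: mx.example.com;
 dkim=pass header.i=@accounts.google.com;
 spf=pass smtp.mailfrom=bounce@privatemail.com
From: Google <no-reply@accounts.google.com>
To: me@blah
Subject: Security alert

(body omitted)
"""

DKIM_RE = re.compile(r"dkim=pass\b[^;]*?header\.[di]=@?([\w.-]+)", re.I)
SPF_RE = re.compile(r"smtp\.mailfrom=(?:[^\s;@]*@)?([\w.-]+)", re.I)


def org_domain(domain: str) -> str:
    # Simplification: last two labels. A production check uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def header_findings(raw: str, recipient: str) -> list[str]:
    """Flag the two tells from the article: signer/sender mismatch, odd To address."""
    msg = message_from_string(raw)
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    signed, mailed = DKIM_RE.search(auth), SPF_RE.search(auth)
    findings = []
    if signed and mailed and org_domain(signed.group(1)) != org_domain(mailed.group(1)):
        findings.append(f"signed-by {signed.group(1)} but mailed-by {mailed.group(1)}")
    visible = msg.get_all("To", []) + msg.get_all("Cc", [])
    addressed = {addr.lower() for _, addr in getaddresses(visible)}
    if recipient.lower() not in addressed:
        findings.append(f"{recipient} is not in To/Cc: {sorted(addressed)}")
    return findings


if __name__ == "__main__":
    for finding in header_findings(PHISH, "victim@example.com"):
        print("SUSPICIOUS:", finding)
```

Bcc'd and mailing-list mail legitimately omits the recipient from To/Cc, so treat the second finding as a triage signal to combine with the first rather than a verdict on its own.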

In light of these events, Johnson has repeated his request for Google to implement security measures to combat phishing.

This post reached out to Google for comment.