The founder of ENS warns that Google is deceiving users with fake subpoenas.

Source: Cointelegraph

The founder and chief developer of Ethereum Name Service (ENS) has warned his followers on the X platform about a "highly sophisticated" phishing attack that can impersonate Google, tricking users into revealing their login credentials.

Nick Johnson of ENS stated in a post on the X platform on April 16 that this phishing attack exploits Google's infrastructure to send fake alerts to users, informing them that their data is being shared with law enforcement due to a subpoena.

He said, "It passed DKIM signature checks, and Gmail showed no warnings—it even placed it in the same conversation as other legitimate security alerts."

As part of the attack, users are offered the opportunity to view case materials or contest the issue by clicking a link to a support page, which uses Google Sites, a tool that can be used to create websites on Google subdomains, Johnson noted.

He added, "From there, they may collect your login credentials and use them to compromise your account; I did not investigate further."

While Google's domain gives a legitimate impression, Johnson pointed out that there are still some obvious signs indicating this is a phishing scam, such as the email being forwarded from a private email address.

Scammers Exploiting Google's System

In a report on April 11, software company EasyDMARC explained how this phishing scam is conducted by leveraging Google Sites.

Anyone with a Google account can create a seemingly legitimate site and host it under a trusted Google-owned domain.

They also use Google OAuth applications, where "the key trick is that you can fill in anything in the application name field of Google," and use a domain from Namecheap, allowing them to "set no-reply@google as the sender address, while the reply address can be any address."

"Finally, they forward the information to the victims. Since DKIM only verifies the message and its header information, not the envelope, the message passed signature verification and appeared as legitimate information in the user's inbox—even appearing in the same thread as real security alerts," Johnson said.
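The point Johnson and EasyDMARC make above is that DKIM covers the message body and a chosen set of headers, not the SMTP envelope, so a genuinely Google-signed alert can be relayed from an unrelated mailbox and still pass. A mail filter can still notice the seams. The following is an added example written for this page (it is not code from Cointelegraph, ENS, EasyDMARC or Google): it parses a message and flags the three signs the article describes, an envelope sender (Return-Path) on a different domain from the DKIM `d=` signing domain, a Reply-To on a different domain from the From address, and a call-to-action link pointing at a user-creatable `sites.google.com` page. The two sample messages, their addresses, domains and signature values are all constructed for illustration; the `registrable()` helper is a deliberately crude approximation of eTLD+1.

```python
"""Header-consistency checks for a relayed, DKIM-passing alert.

Added example, not from the article or any vendor. It does not verify
the DKIM signature itself (use a library such as dkimpy for that); it
assumes DKIM already passed and looks for the relay pattern the article
describes. All sample headers and addresses below are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr


def domain_of(addr_header):
    """Lowercased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def dkim_signing_domain(dkim_header):
    """Extract the d= tag (the domain that vouched for the message)."""
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", dkim_header or "")
    return m.group(1).lower() if m else ""


def registrable(domain):
    """Crude eTLD+1: keep the last two labels (assumption, demo only)."""
    return ".".join(domain.split(".")[-2:])


def analyze(raw_message):
    """Return a list of finding names for the relay pattern described above."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    envelope_dom = domain_of(msg.get("Return-Path"))
    dkim_dom = dkim_signing_domain(msg.get("DKIM-Signature"))

    # 1. The signing domain and the envelope sender do not belong together:
    #    DKIM says Google signed it, the envelope says someone else sent it.
    if dkim_dom and envelope_dom and registrable(dkim_dom) != registrable(envelope_dom):
        findings.append("envelope-sender-mismatch")

    # 2. Replies would go somewhere other than the From: domain.
    if reply_dom and registrable(reply_dom) != registrable(from_dom):
        findings.append("reply-to-mismatch")

    # 3. The body links to a Google Sites page, which any account can create.
    body = msg.get_payload(decode=True) or b""
    if re.search(rb"https?://sites\.google\.com/", body, re.I):
        findings.append("google-sites-link")
    return findings


# Constructed sample: Google-signed alert relayed through an unrelated mailbox.
RELAYED_SAMPLE = """\
Return-Path: <forwarder@private-mailbox.example>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com; s=sel; h=from:to:subject; bh=AAAA; b=BBBB
From: Google <no-reply@accounts.google.com>
Reply-To: support@private-mailbox.example
To: user@example.test
Subject: Security alert
Content-Type: text/plain; charset=utf-8

Review the case materials at https://sites.google.com/view/example-page
"""

# Constructed sample: alert delivered directly from the signing domain.
DIRECT_SAMPLE = """\
Return-Path: <3abc-bounce@accounts.google.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com; s=sel; h=from:to:subject; bh=CCCC; b=DDDD
From: Google <no-reply@accounts.google.com>
To: user@example.test
Subject: Security alert
Content-Type: text/plain; charset=utf-8

Review recent activity at https://myaccount.google.com/notifications
"""

if __name__ == "__main__":
    print("relayed:", analyze(RELAYED_SAMPLE))
    print("direct: ", analyze(DIRECT_SAMPLE))
```

Each check on its own is weak (mailing lists and ticketing systems legitimately set Reply-To, and Google Sites has plenty of honest uses), so a filter would weight them together rather than block on any single one. The envelope-versus-signing-domain check is the one that captures the article's core observation: a DKIM pass tells you who signed the content, not who handed it to your mail server.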

Google Set to Deploy Countermeasures

A spokesperson for Google told Cointelegraph that they are aware of the issue and are shutting down the mechanism that attackers use to insert "arbitrary length text," which will prevent this method of attack from being effective in the future.

"We have become aware of this type of targeted attack from the threat actor Rockfoils and have begun rolling out protective measures over the past week. These measures will be fully deployed soon, at which point this abuse pathway will be closed," the spokesperson stated.

"In the meantime, we encourage users to enable two-factor authentication and passkeys, which can provide strong protection against such phishing attacks."

The spokesperson added that Google will never ask for any private account credentials—including passwords, one-time codes, or push notifications—nor will they call users.
