Slow Mist Cosine: A phishing gang uses Google subdomains to launch a new round of phishing attacks, inducing users to leak account passwords

BlockBeats News: On April 20th, Cosine, the founder of SlowMist, posted on social media that the chief developer of ENS had been targeted by a phishing attack that exploited a vulnerability in Google's infrastructure. The phishing gang deceived users into being targeted by law enforcement by disguising Google's official phishing emails. Although Google is undergoing adversarial upgrades. However, today the phishing gang has launched a new round of phishing attacks and will continue to lure users to the "(Google. com)" subdomain, causing them to leak their account passwords and immediately add Passkeys. BlockBeats previously reported that on April 16th, ENS chief developer Nick. eth posted that he had encountered an extremely complex phishing attack that exploited a vulnerability in Google's infrastructure, but Google refused to fix the vulnerability. He stated that the attack email looks very authentic, can be verified by DKIM signature, and displayed normally by GMail, and is placed in the same conversation with other legitimate security warnings. The attacker exploited Google's "Sites" service and created a trusted "Support Portal" page, as users would mistakenly believe it was secure when they saw the domain name containing "(Google. com)". Users should be cautious.