Google issues urgent warning to Gmail users about phishing attacks from verified emails, says working on fix

Recently, a flaw has been found in Google's system that allows attackers to send authentic-looking emails to victims. The tech giant has acknowledged the issue.

New Delhi:

Google has recently issued a warning to all Gmail users regarding a new phishing attack that poses a serious threat. This attack is particularly dangerous because it uses emails that look legitimate, allowing it to slip past common security measures. The attackers deceive victims into revealing their account credentials. The tech giant has acknowledged this threat and is working to deploy a fix. In the meantime, it urges users to be cautious when responding to emails that seem to come from trusted sources like Google.

How does this attack work?

The flaw in the system came to light when software developer Nick Johnson shared on X that he received an email appearing to be from “no-reply@google.com.” The message claimed a subpoena had been issued for his Google Account data. Although the email contained a link that looked like it would take users to an official Google support page, it actually directed them to a phishing site hosted on Google’s own platform, sites.google.com.

What added to the email's credibility was that it passed Google's own authentication checks, including DomainKeys Identified Mail (DKIM). Furthermore, the phishing message was delivered within the same Gmail conversation thread as genuine Google security alerts, which further bolstered its apparent authenticity.

Clicking the link took users to a cloned Google sign-in page hosted on a Google subdomain. This page was expertly designed to collect login credentials under the guise of allowing users to contest the subpoena. If users entered their credentials, the attackers would gain complete access to their Gmail accounts and associated data.
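The two warning signs described above (a link whose visible text suggests an official support page while its target is a user-content host such as sites.google.com, and a DKIM pass that says nothing about who controls the linked page) can be checked mechanically before a message reaches a user. The following is an added example written for this article, not code from Google or from the researcher who reported the issue; the sample messages, the `USER_CONTENT_HOSTS` list and the `Authentication-Results` header values are constructed for illustration.

```python
from email import message_from_string, policy, utils
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts owned by the apparent sender's organisation that nevertheless serve
# user-generated content: a link there does not prove the sender wrote the page.
# Assumed list for this example; sites.google.com is the host named in the article.
USER_CONTENT_HOSTS = {"sites.google.com"}

# Constructed sample resembling the message described in the article.
SUSPICIOUS_EMAIL = """\
From: Google <no-reply@google.com>
To: victim@example.com
Subject: Security alert
Authentication-Results: mx.example.com; dkim=pass header.d=google.com
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A subpoena has been served for your Google Account data.</p>
<p>Review the case at
<a href="https://sites.google.com/view/example-case">https://support.google.com/legal</a></p>
</body></html>
"""

# Constructed benign sample: the link text is plain words and the target is
# not a user-content host.
CLEAN_EMAIL = """\
From: Google <no-reply@google.com>
To: victim@example.com
Subject: New sign-in
Authentication-Results: mx.example.com; dkim=pass header.d=google.com
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Check recent activity: <a href="https://myaccount.google.com/">Review activity</a></p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse_message(raw):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = utils.parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    dkim_pass = "dkim=pass" in (msg["Authentication-Results"] or "").lower()

    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    collector = _LinkCollector()
    collector.feed(html)

    findings = []
    for href, text in collector.links:
        target = (urlparse(href).hostname or "").lower()
        if target in USER_CONTENT_HOSTS:
            findings.append(f"link to user-content host {target}")
        # Anchor text that itself looks like a URL or domain but points elsewhere.
        shown_text = text.strip()
        if " " not in shown_text and "." in shown_text:
            shown = urlparse(
                shown_text if "://" in shown_text else "https://" + shown_text
            ).hostname
            if shown and shown.lower() != target:
                findings.append(f"display text {shown} but target {target}")
    if findings and dkim_pass:
        # A valid signature only proves the headers/body were not altered in transit;
        # it says nothing about the page the links lead to.
        findings.append(f"DKIM pass for {from_domain} does not vouch for linked content")
    return findings


if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, "->", analyse_message(sample) or ["no findings"])
```

The check deliberately does not treat a DKIM pass as a reason to trust the message; it treats it as context to report alongside the link findings, since in the campaign described here the signature was genuine.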

Google has recognised this phishing campaign and confirmed that it creatively leveraged OAuth and DKIM mechanisms. In a statement, the company announced it is implementing measures to counter this specific threat and expects to have the solution “fully deployed” soon. Additionally, Google is encouraging users to enable two-factor authentication and use passkeys to strengthen their account security.
