The post Google vulnerability enables convincing phishing attack targeting crypto users appeared on BitcoinEthereumNews.com.

Ethereum Name Service (ENS) lead developer Nick Johnson has alerted crypto users to a new form of phishing scam involving Google infrastructure. In a post on X, Johnson explained how scammers exploit a vulnerability in Google infrastructure. According to Johnson, scammers can send valid mail informing users that a subpoena has been served on Google to surrender information to their Google account. This security alert, which looks completely real, asks the user to protest the subpoena or examine the case materials. Fake phishing email that appears to be from Google (Source: Nick Johnson) He said: “The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com. It passes the DKIM signature check, and GMail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts.” Once users click on the link in the email, they have to sign the purported support page. However, the support portal has sites.google.com as its URL, a ploy to deceive users into thinking it is genuine. According to Johnson, this fake support page is likely a phishing site where scammers harvest users’ login credentials. The ENS developer noted that the vulnerability will likely remain, especially since Google has refused to act on it. Therefore, it is important for users to be aware and protect themselves. Scammers exploiting Google Sites to create fake support pages Meanwhile, Johnson explained how bad actors created fake Google Support pages that looked real. According to him, sites.google.com is a legacy product from the tech giant that allows users to host their content on the Google.com subdomain. He noted that the product allows scrips and embeds, which is how scammers are able to build credential harvesting sites on the Google subdomain and upload new…

---

Filed under: News - @ April 16, 2025 9:21 pm