A new phishing scam is targeting cryptocurrency users by exploiting a weakness in Google’s infrastructure. The scam involves emails that appear to be from Google, but are actually designed to steal login credentials.
How the Scam Works
The emails look legitimate because they are signed with valid Google keys. They claim to be legal notifications from Google, stating that the recipient has been issued a court summons related to their Google account. The emails are sent from the official address no-reply@google.com and pass all Gmail security checks, including DKIM verification.
The emails direct users to a fake Google support page hosted on sites.google.com, a legacy Google service. This page is designed to capture login credentials. The attackers can easily update the page to avoid detection.
The Root of the Problem
The scam works because the attackers create a Google account and an OAuth app that appears to be legitimate. Granting the app access to that account causes Google itself to generate a genuine security alert, signed with Google's own DKIM key. The attackers then send that alert on to the target's email address; because the signature remains valid, the message appears to have come directly from Google.
Nick Johnson, a developer with Ethereum Name Service, reported the issue to Google. However, the company responded that the behavior was “as expected” and took no action.
Protecting Yourself
Johnson is warning users to be cautious. He advises being wary of emails that claim to be from Google and request action, even if they appear legitimate. Users should always check the URL before entering sensitive information.
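A receiver-side check for the pattern this article describes, added here as an example and not code from the report, from Johnson or from Google: it parses a raw message, confirms that the receiving server's own Authentication-Results header recorded dkim=pass for google.com, and flags the message when a sender of no-reply@google.com links only to user-published sites.google.com pages. The sample message, header layout, and host list are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the report: From is the genuine no-reply@google.com,
# the receiving server recorded dkim=pass for google.com, yet the only action link
# leads to user-published content on sites.google.com. Not a real captured message.
SAMPLE_EMAIL = """\
From: Google <no-reply@google.com>
To: victim@example.com
Subject: Court summons related to your Google Account
Authentication-Results: mx.example.com; dkim=pass header.i=@google.com; spf=pass
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You have been issued a court summons related to your Google Account.</p>
<a href="https://sites.google.com/view/legal-support-case/home">View case</a>
</body></html>
"""

# Google-owned hosts where any account holder can publish pages. Only sites.google.com
# comes from the report; adding further hosts is a local policy choice (assumption).
USER_CONTENT_HOSTS = {"sites.google.com"}
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)

def dkim_passed_for(msg: Message, domain: str) -> bool:
    """True if the receiver's Authentication-Results records dkim=pass for domain."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "dkim=pass" in results and f"@{domain}" in results

def extract_links(msg: Message) -> list[str]:
    """Collect href targets from every text/html part of the message."""
    links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            links.extend(HREF_RE.findall(part.get_payload(decode=True).decode(charset, "replace")))
    return links

def flag_replayed_alert(raw: str) -> dict:
    """Flag a DKIM-valid google.com message whose action links go to user-hosted pages."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    user_hosted = [u for u in extract_links(msg) if urlparse(u).hostname in USER_CONTENT_HOSTS]
    suspicious = sender_domain == "google.com" and dkim_passed_for(msg, "google.com") and bool(user_hosted)
    return {"suspicious": suspicious, "sender_domain": sender_domain, "user_hosted_links": user_hosted}
```

The check is deliberately narrow: a valid signature proves only that Google generated the message, not that Google chose its recipient, so the link destination is what separates a real alert from a relayed one.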
The scam highlights how even major platforms like Google can be used for massive fraud if vulnerabilities are not addressed. As digital infrastructure becomes more complex, so do the tactics of attackers.