icon
icon
icon
icon
Upgrade
Upgrade

News /

Articles /

Ethereum Founder Warns of Advanced Google Phishing Attack

Coin WorldWednesday, Apr 16, 2025 11:25 pm ET
1min read

The founder and lead developer of Ethereum Name Service (ENS), Nick Johnson, has issued a warning to his followers on X about an advanced phishing attack that mimics google to deceive users into divulging their login credentials.

Johnson detailed the attack in an April 16 post, explaining that it exploits Google’s infrastructure to send a fake alert. This alert informs users that their Google data is being shared with law enforcement due to a subpoena. The phishing email passes Google’s DKIM signature check and appears in the user’s inbox without any warnings, even in the same conversation thread as legitimate security alerts.

The fake subpoena appears to originate from a Google no-reply domain, adding to its legitimacy. Users are given the option to view case materials or protest by clicking a support page link, which is hosted on Google Sites. This tool allows anyone with a Google account to create a site that looks legitimate and is hosted under a trusted Google-owned domain.

Johnson noted that while the Google domain name gives the impression of legitimacy, there are still signs that it is a phishing scam. For instance, the email is forwarded by a private email address, which is a red flag.

In an April 11 report, software firm EasyDMARC explained that the phishing scam works by weaponizing Google Sites. Scammers use the Google OAuth app, where they can input any desired text in the App Name field. They also use a domain via Namecheap that allows them to set no-reply@google account as the From address, with the reply address being anything they choose.

Johnson further explained that because DKIM only verifies the message and its headers, not the envelope, the message passes signature validation and appears as a legitimate message in the user’s inbox.

In response to the issue, a Google spokesperson stated that they are aware of the attack and are taking steps to shut down the mechanism that attackers are using. These protections are expected to be fully deployed soon, which will prevent this method of attack from working in the future.

The spokesperson also emphasized the importance of users adopting two-factor authentication and passkeys, which provide strong protection against phishing campaigns. Google will never ask for private account credentials, including passwords, one-time passwords, or push notifications, nor will they call users.

Comments

Add a public comment...
Post
No Comment Yet
Disclaimer: the above is a summary showing certain market information. AInvest is not responsible for any data errors, omissions or other information that may be displayed incorrectly as the data is derived from a third party source. Communications displaying market prices, data and other information available in this post are meant for informational purposes only and are not intended as an offer or solicitation for the purchase or sale of any security. Please do your own research when investing. All investments involve risk and the past performance of a security, or financial product does not guarantee future results or returns. Keep in mind that while diversification may help spread risk, it does not assure a profit, or protect against loss in a down market.
You Can Understand News Better with AI.
Whats the News impact on stock market?
Its impact is
fork
logo
AInvest
Aime Coplilot
Invest Smarter With AI Power.
Open App