Phishing Attack Exploits Google Infrastructure, Targets Users

Coin World
Sunday, Apr 20, 2025 9:55 am ET

SlowMist, a prominent cybersecurity firm, recently revealed a sophisticated phishing attack that targeted users by exploiting a vulnerability in Google's infrastructure. The attack, orchestrated by a phishing group, involved sending out emails disguised as official Google communications. These emails falsely informed users that they were under investigation, prompting them to disclose their account passwords and add a Passkey.

The phishing group utilized Google's "sites" service to create a trusted "support portal" page, which included the domain name "google.com." This deception led users to believe the page was secure, as it appeared to be an official Google site. The attackers also ensured that the phishing emails could pass DKIM signature verification, making them appear legitimate in Gmail alongside other genuine security alerts.
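
A mail-triage check for the pattern described above, as an added example that is not from SlowMist or the original article: it reads the receiving server's Authentication-Results header and flags mail that passes DKIM for google.com while linking to Google Sites, where page content is written by users. The host list, the function names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: google.com hosts that serve pages written by arbitrary users.
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
DKIM_RE = re.compile(r"dkim=pass\b[^;]*?header\.[di]=(?:[^@\s;]*@)?([\w.-]+)", re.I)

def dkim_pass_domains(msg):
    """Signing domains reported as dkim=pass (RFC 8601 header).
    Only meaningful when the header was added by your own receiving MTA."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        found.update(d.lower() for d in DKIM_RE.findall(value))
    return found

def triage(raw):
    """Flag mail that is DKIM-signed by google.com yet links to user content."""
    msg = message_from_string(raw)
    signed = dkim_pass_domains(msg)
    body = " ".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(body)}
    links = sorted(h for h in hosts if h in USER_CONTENT_HOSTS)
    brand = any(d == "google.com" or d.endswith(".google.com") for d in signed)
    return {"dkim_pass": sorted(signed), "user_content_links": links,
            "suspicious": brand and bool(links)}

# Constructed sample messages (not taken from the reported campaign).
LURE = """\
From: no-reply@accounts.google.com
To: user@example.org
Subject: Security alert (constructed sample)
Authentication-Results: mx.example.org;
 dkim=pass header.i=@accounts.google.com header.s=sel1;
 spf=pass smtp.mailfrom=example.net

Open the support portal: https://sites.google.com/constructed-example/support
"""
GENUINE = LURE.replace("https://sites.google.com/constructed-example/support",
                       "https://myaccount.google.com/notifications")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("genuine", GENUINE)):
        print(name, triage(raw))
```

A passing DKIM result is an input to this rule, not a verdict: the check treats the signature and the link destination as separate signals and only raises the flag when they disagree about who authored the content.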

SlowMist's founder, Cosmos, highlighted that while Google has taken countermeasures, the phishing group launched a new round of attacks on April 20th. These attacks continued to lure users to a subdomain of "google.com," further exploiting the trust users place in the Google brand. The ENS chief developer, nick.eth, had previously fallen victim to this attack on April 16th, describing it as highly sophisticated and noting that Google had refused to fix the vulnerability.

This incident underscores the evolving tactics of cybercriminals, who are increasingly exploiting trusted domains and services to carry out phishing attacks. Users are advised to remain vigilant and verify the authenticity of any communication that requests sensitive information, even if it appears to come from a trusted source. The use of multi-factor authentication and other security measures can also help mitigate the risk of falling victim to such attacks.