New fraud by gmail imitates Google. Learn how to protect yourself

by Andrea

The e-mail imitates Google’s own communications very convincingly and redirects to a fake support site, where passwords, social security numbers or bank account details are stolen.

A new phishing scheme, which targets all Gmail users, uses Google’s own infrastructure to steal the recipient’s Google account information.

The e-mail in circulation states that Google LLC has received a subpoena from a law enforcement agency and asks for account information. It imitates Google’s own communications very convincingly: it is signed and sent from the e-mail address that usually sends users warnings about their account.

It was software programmer Nick Johnson who first drew attention to the scheme on the X social network. He was almost a victim of the attack, which “exploits a vulnerability in Google’s infrastructure and, given its refusal to correct it, is likely to be seen much more often”.

The message looks official enough to pass Gmail’s internal safety checks, and even appears in the same conversation thread as Google’s genuine security alerts.

Google has already acknowledged the problem in a statement to:

“We are aware of this type of targeted attack and we have been implementing protection measures over the past week. These measures will be fully implemented soon, which will prevent this type of abuse. However, we recommend that users adopt two-factor authentication and passkeys, which offer robust protection against this type of phishing campaign.”

The programmer also pointed out a subtle detail in the email that helps identify the scheme: while legitimate security messages are hosted on “accounts.google.com”, the fraudulent ones are hosted on “sites.google.com”.
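The hostname check described above can be automated when triaging a reported message. The following is an added example, not code from Google or from the researcher: it extracts the links from an HTML body and classifies each by exact hostname. The trusted-host list, the function names and the sample body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: genuine Google account pages live only here.
TRUSTED_HOSTS = {"accounts.google.com"}
# Host under the same parent domain that serves user-created pages.
USER_CONTENT_HOSTS = {"sites.google.com"}


class LinkCollector(HTMLParser):
    """Collects href values from <a> tags in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)


def classify_url(url):
    """Return 'trusted', 'user-content' or 'untrusted' for one link."""
    parts = urlsplit(url.strip())
    # .hostname ignores userinfo and port and lowercases the host name.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return "untrusted"
    if host in TRUSTED_HOSTS:  # exact match, never a substring test
        return "trusted"
    return "user-content" if host in USER_CONTENT_HOSTS else "untrusted"


def review_links(html_body):
    """Map every link in an HTML e-mail body to its classification."""
    collector = LinkCollector()
    collector.feed(html_body)
    return {link: classify_url(link) for link in collector.links}


# Constructed sample body, not taken from the real campaign.
SAMPLE_BODY = """
<a href="https://sites.google.com/view/constructed-case">View case</a>
<a href="https://accounts.google.com/signin">Sign in</a>
<a href="https://accounts.google.com.login.example/">Support</a>
<a href="https://accounts.google.com@phish.example/">Appeal</a>
"""

if __name__ == "__main__":
    for link, verdict in review_links(SAMPLE_BODY).items():
        print(f"{verdict:13} {link}")
```

Matching on the parsed hostname rather than searching the URL string for “google.com” is what separates the genuine sign-in link from the user-content page and from look-alike hosts.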

Those unlucky enough to click on the fraudulent email are redirected to a fake support portal designed to replicate Google’s login pages. Criminals use these pages to collect login credentials, passwords and sensitive personal information, such as social security numbers and bank account details, data that may allow them to drain the victims’ financial accounts.

To avoid becoming a victim, cybersecurity experts advise against using only passwords to access Gmail, even with two-factor authentication enabled: the account can still be compromised if the attackers obtain login credentials and intercept the verification codes sent by text message.

Instead, users should use passkeys, which store a private key on their device. As long as the user has the device, this method provides a safer authentication process without the typical passwords.

If in doubt, users should verify the legitimacy of messages by contacting the relevant organizations directly through verified phone numbers, and not by replying to the emails or text messages themselves.
