In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins. The attacker leveraged Google’s infrastructure to trick recipients into accessing a legitimate-looking “support portal” that asks for Google account credentials. The fraudulent message appeared to come from “[email protected]” and passed the DomainKeys Identified Mail (DKIM) authentication method but the real sender was different. Nick Johnson, the lead developer of the Ethereum Name Service (ENS), received a security alert that seemed to be from Google, informing him of a subpoena from a law enforcement authority asking for his Google Account content. Almost everything looked legitimate and Google even placed it with other legitimate security alerts, which would likely trick less technical users that don’t know where to look for the signs of fraud. However, Johnson’s keen eye spotted that the fake support portal in the email was hosted on sites.google.com – Google’s free web-building platform, which raised suspicion. Being on a Google domain, the chances of the recipient to realize they are being targeted are lower.

Full report : In a clever attack, hackers were able to send phishing emails that appeared to come from “[email protected]”, after a similar attack on PayPal users in March.