Gmail user? Beware of this sophisticated phishing attack | Technology News

Gmail is one of the most commonly used email services across the world, known for its ease of use and enhanced user protection with multi-level security protocols. However, despite these measures, the platform remains vulnerable to phishing attacks, where cybercriminals employ new techniques to gain access to Gmail accounts. These compromised accounts are often used for illicit activities, potentially leading to data theft and financial losses.
An X user named nick.eth, with the username @nicksdjohnson, recently shared an incident in which he was the victim of an “extremely sophisticated phishing attack,” highlighting a vulnerability in Google’s infrastructure.
Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google’s infrastructure, and given their refusal to fix it, we’re likely to see it a lot more. Here’s the email I got: pic.twitter.com/tScmxj3um6
— nick.eth (@nicksdjohnson) April 16, 2025
Nick received an email on April 15 from a valid, signed email address—no-reply@google.com—which even passed the DKIM signature check. The email asked him to produce a copy of his Google account content. When he clicked the link, he was redirected to a “support portal” page hosted on a domain containing sites.google.com. At first glance, this could easily convince anyone that it was a legitimate Google website—but it was not.
The website featured a login page that was identical to Google’s, designed specifically to harvest user credentials. According to Nick, this was made possible due to two major vulnerabilities in Google’s system:
A fake portal hosted via sites.google.com, which allows anyone to host content on Google’s subdomain.
The use of a legitimate-looking sender email address.
Nick has submitted a report to Google, and the company is currently working on patching the vulnerability.
Until Google addresses the issue, it’s crucial to always verify the source of any email before clicking on links or sharing personal information. Given that email accounts are often targeted by various phishing campaigns, staying vigilant is key to protecting yourself from such sophisticated attacks.
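The two factors described above (a DKIM-valid google.com sender and a link to a page on sites.google.com) can be checked mechanically on a received message. The following is an added example, not code from the article or from Google: it reads the Authentication-Results header and flags links whose host is a user-publishable subdomain. The sample message, the `USER_CONTENT_HOSTS` set and the function name are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hosts where anyone can publish pages under a well-known parent domain.
# sites.google.com is the one named in the article; the set is an assumption to extend.
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message (not the real email from the incident).
SAMPLE = """\
From: Google <no-reply@google.com>
To: user@example.com
Subject: Constructed sample
Authentication-Results: mx.example.net; dkim=pass header.d=google.com
Content-Type: text/plain; charset="utf-8"

A request was made for a copy of your Google account content.
Review the case: https://sites.google.com/view/constructed-example/portal.
Normal sign-in page: https://accounts.google.com/
"""

def review_message(raw: str) -> dict:
    """Report the sender domain, the DKIM result and links to user-content hosts."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    dkim_pass = re.search(r"\bdkim=pass\b", auth) is not None

    text = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text += payload.decode(part.get_content_charset() or "utf-8", "replace")

    flagged = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")  # drop sentence punctuation stuck to the link
        host = (urlsplit(url).hostname or "").rstrip(".")
        if host in USER_CONTENT_HOSTS:
            flagged.append(url)

    # A DKIM pass only vouches for the signing domain; it does not clear the links.
    return {"sender_domain": sender_domain, "dkim_pass": dkim_pass,
            "user_content_links": flagged, "needs_review": bool(flagged)}

if __name__ == "__main__":
    print(review_message(SAMPLE))
```

The message is marked for review even though `dkim_pass` is true, because the link target is judged separately from the sender's authentication result.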
© IE Online Media Services Pvt Ltd