Google has confirmed it is responding to a new phishing attack that bypasses Gmail’s signature check, allowing scammers to send fake emails from legitimate domains. The attack uses the Google Sites feature to create convincing “support portal” pages.
According to reports, word of the scam originated from cryptocurrency influencer Nick Johnson, who posted about the fake email on X (formerly Twitter). Johnson noted that the email appeared valid and had passed Gmail’s DKIM signature check, which usually filters suspicious emails.
Google’s response was swift, with a spokesperson stating that the company has been rolling out protections to combat the attack. The company advises users to adopt two-factor authentication and passkeys for strong protection against phishing campaigns.
Users should be cautious of any emails requesting personal information, even if they appear legitimate. Google emphasizes that its platform will never send unsolicited messages asking for passwords or sensitive data.
The attack highlights the importance of vigilance in online security, particularly with 1.8 billion Gmail user accounts at risk. Google’s efforts to combat this phishing scam serve as a reminder to users to prioritize email safety and best practices.
Source: https://www.newsweek.com/google-responds-major-email-scam-2060855