A recent report describes an unusually convincing technique attackers are using to produce fake security alerts that look like they come from Google and PayPal. The case has worried security researchers and ordinary users alike, and it reinforces one simple safeguard that applies whenever an important-looking email arrives.
Phishing works by sending an email that claims to come from a company or organization, usually with a link asking the recipient to log in. The message manufactures urgency (your account has been compromised, a payment is overdue) and the link leads to a page built to harvest login credentials. Companies such as Apple and Google have added protections against this, but scammers keep finding ways around them.
The case study involves Nick Johnson, lead developer of the Ethereum Name Service (ENS), who received a fake Google security alert. The email looked entirely legitimate: it carried Google's branding and passed Google's own authentication checks, including DomainKeys Identified Mail (DKIM). The link in it pointed to a fake login page the attacker had hosted on sites.google.com, so even the destination URL sat under a google.com domain. The signed alert itself had been sent to an address the attacker controlled and then forwarded to victims.
The weakness is that a DKIM signature covers only the message body and the headers the signer chose to include, not the SMTP envelope. Forwarding a message does not change the signed headers or body, so a genuine Google-signed alert stays valid no matter who relays it or to whom, and a mail client that reports "DKIM pass" will treat it as authentic. DMARC does not help here either: it only checks that the From: domain aligns with the DKIM signing domain, and both are genuinely Google's. The attacker compounded this by addressing the original alert to a mailbox named me@ on a domain they control; once forwarded, the message reads as though it had been delivered directly to the victim's own address.
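The following Python example, added here and not part of the article or of Google's systems, shows why the forwarding trick works and what a client-side check could look for. It implements a deliberately simplified DKIM: relaxed-style canonicalization of a fixed set of headers plus a body hash, with HMAC-SHA256 standing in for the RSA or Ed25519 signature that real DKIM (RFC 6376) uses, so it runs offline. The message, the envelope, the mailbox names, the domain used in the d= tag and the selector are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import re

# Stand-in for the signer's private key. Real DKIM uses RSA or Ed25519 with the
# public key published in DNS; HMAC keeps this example runnable offline.
SIGNING_KEY = b"constructed-demo-key"


def canon_header(name, value):
    """Simplified 'relaxed' header canonicalization: lowercase name, collapsed whitespace."""
    return f"{name.lower()}:{' '.join(value.split())}"


def body_hash(body):
    """Simplified 'relaxed' body canonicalization followed by SHA-256 (the bh= tag)."""
    lines = [" ".join(line.split()) for line in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    canon = "\r\n".join(lines) + "\r\n"
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()


def get_header(headers, name):
    """First header value with the given (case-insensitive) name, or ''."""
    for field, value in headers:
        if field.lower() == name.lower():
            return value
    return ""


def signed_data(headers, h_list, sig_value):
    """Bytes the signature covers: the h= headers plus the DKIM-Signature field with an
    empty b= tag. Nothing from the SMTP envelope (MAIL FROM / RCPT TO) is included."""
    parts = [canon_header(h, get_header(headers, h)) for h in h_list]
    parts.append(canon_header("DKIM-Signature", sig_value))
    return "\r\n".join(parts).encode()


def dkim_sign(msg, domain, selector, h_list=("from", "to", "subject", "date")):
    """Return a copy of (headers, body) with a DKIM-Signature header prepended."""
    headers, body = msg
    value = (f"v=1; a=hmac-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
             f"h={':'.join(h_list)}; bh={body_hash(body)}; b=")
    tag = hmac.new(SIGNING_KEY, signed_data(headers, h_list, value), hashlib.sha256).digest()
    return ([("DKIM-Signature", value + base64.b64encode(tag).decode())] + list(headers), body)


def dkim_verify(msg):
    """True if both the body hash and the signature over the h= headers check out."""
    headers, body = msg
    value = get_header(headers, "DKIM-Signature")
    if not value:
        return False
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    if tags.get("bh") != body_hash(body):
        return False
    # Recompute over the signature field with b= emptied, exactly as the signer did.
    unsigned_value = re.sub(r"(^|;\s*)b=[^;]*", r"\1b=", value)
    expected = hmac.new(SIGNING_KEY, signed_data(headers, tags["h"].split(":"), unsigned_value),
                        hashlib.sha256).digest()
    return hmac.compare_digest(base64.b64decode(tags["b"]), expected)


def forward(msg, envelope, forwarder, new_rcpt):
    """Simulate an MTA forwarding the message: a Received: trace header is prepended and the
    envelope recipient changes; the signed headers and the body are untouched."""
    headers, body = msg
    trace = ("Received", f"from {forwarder} for <{new_rcpt}>")
    return ([trace] + list(headers), body), {"mail_from": envelope["mail_from"], "rcpt_to": new_rcpt}


def recipient_mismatch(msg, envelope):
    """Client-side check: the signed To: header names a mailbox other than the one the
    envelope actually delivered to. DKIM alone never tells you this."""
    match = re.search(r"[\w.+-]+@[\w.-]+", get_header(msg[0], "To"))
    return match is None or match.group(0).lower() != envelope["rcpt_to"].lower()


# Constructed scenario modelled on the case above: a genuine alert from the sender's
# domain, addressed to a "me@" mailbox on a domain the attacker controls.
ALERT = ([
    ("From", "Google <no-reply@accounts.google.com>"),
    ("To", "me@attacker-controlled.example"),
    ("Subject", "Security alert"),
    ("Date", "Mon, 21 Apr 2025 10:00:00 +0000"),
], "Review the recent activity on your account.\n")


def run_scenario():
    signed = dkim_sign(ALERT, "accounts.google.com", "demo")
    env = {"mail_from": "no-reply@accounts.google.com", "rcpt_to": "me@attacker-controlled.example"}
    forwarded, fwd_env = forward(signed, env, "mail.attacker-controlled.example", "victim@example.com")
    # Editing any signed header (here the Subject) does break the signature.
    tampered = ([(k, "Account suspended" if k == "Subject" else v) for k, v in forwarded[0]], forwarded[1])
    return {
        "original_verifies": dkim_verify(signed),
        "forwarded_verifies": dkim_verify(forwarded),
        "tampered_verifies": dkim_verify(tampered),
        "original_recipient_mismatch": recipient_mismatch(signed, env),
        "forwarded_recipient_mismatch": recipient_mismatch(forwarded, fwd_env),
    }


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The point the scenario makes is that `forwarded_verifies` is true and `tampered_verifies` is false: DKIM faithfully proves the signed headers and body are unchanged since Google signed them, which is all it was designed to prove. The only signal that something is off is the one the signature does not cover, the gap between the signed To: mailbox and the address the message actually landed in, which `recipient_mismatch` surfaces.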
The practical defence is to never act on a link received in an email, however genuine the message looks and whatever authentication badges your mail client shows. Open the service from your own bookmark or by typing a URL you know to be correct, then check for the alleged problem there. Treat any message that manufactures urgency with suspicion: claims that your account has been compromised, unexpected invoices, or demands for payment for services you never bought are the standard levers.
Source: https://9to5mac.com/2025/04/21/psa-watch-out-for-ultra-convincing-phishing-emails-from-google-paypal