Phishers Exploit Google Emails to Steal Logins

Phishers are using a new, sophisticated trick to steal user credentials through seemingly authentic Google emails.

A recent report revealed that attackers are sending fake messages through Google's own infrastructure. Because the mail genuinely originates from Google, it passes all the standard email authentication checks: DKIM, SPF, and DMARC.

For example, one message pretends to be from Google, claiming there’s a subpoena for the user. It includes a link to a sites.google.com page. The link leads to a fake Google Support page. From there, users are urged to upload documents or view a fake legal case.

However, clicking these options redirects them to a phony Google sign-in page. Although it looks real, it’s hosted on Google Sites.

This makes it very easy for attackers to collect login credentials. Hosting the page on sites.google.com, a legacy Google product, helps avoid suspicion because the URL sits under a Google domain. The attackers exploit DKIM replay. First, they create a new Google account on a domain they control, with an address such as me@domain.com. Then they set up an OAuth app and trigger a genuine Google alert to that account.

That alert is then forwarded through Outlook with Google's original DKIM signature left intact. Because the signature still verifies, Gmail treats the forwarded copy as a legitimate message from Google.

The trick also abuses a Gmail display convention. Because the message was addressed to me@, Gmail labels it as sent to "me," which makes it look even more genuine.

Furthermore, the phishing emails are often routed through a custom SMTP service and forwarded via other email platforms, such as Namecheap.
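The relay chain described above leaves traces a defender can look for: the DKIM signature still verifies for google.com, yet the Received headers show a hop through non-Google infrastructure, the recipient is me@, and the body links to sites.google.com. The triage heuristic below is an added example, not code from the report or this article; the sample headers, host names and the GOOGLE_RELAYS list are constructed assumptions to be tuned for a real environment.

```python
import email.policy
import re

# Host suffixes Google itself relays mail through (assumption; tune per environment).
GOOGLE_RELAYS = ("google.com", "googlemail.com", "gmail.com")

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains (no suffix tricks)."""
    return any(host == d or host.endswith("." + d) for d in domains)

def received_hosts(msg):
    """Sending host named in each Received header, newest hop first."""
    found = (re.search(r"\bfrom\s+([A-Za-z0-9.-]+)", h) for h in msg.get_all("Received", []))
    return [m.group(1).lower() for m in found if m]

def dkim_pass_domain(msg):
    """Signing domain the receiving MTA recorded with dkim=pass, or None."""
    auth = msg.get("Authentication-Results") or ""
    m = re.search(r"dkim=pass[^;]*header\.d=([A-Za-z0-9.-]+)", auth)
    return m.group(1).lower() if m else None

def triage(raw):
    """Return replay-style findings for one raw message; [] means nothing fired."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []
    d = dkim_pass_domain(msg)
    google_signed = d is not None and under(d, ("google.com",))
    if google_signed:
        # A genuine alert arrives from Google's own hosts; a replayed copy adds a foreign hop.
        foreign = [h for h in received_hosts(msg) if not under(h, GOOGLE_RELAYS)]
        if foreign:
            findings.append(f"dkim=pass for {d} but relayed via {', '.join(foreign)}")
    if re.search(r"\bme@", (msg.get("To") or "").lower()):
        findings.append('recipient is me@ (Gmail renders it as sent to "me")')
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if google_signed and "sites.google.com" in text:
        findings.append("Google-signed alert links to sites.google.com")
    return findings

# Constructed sample modelled on the replay chain described above (not real mail).
REPLAYED = """\
Received: from mail-a.outbound.protection.outlook.com (203.0.113.10) by mx.victim.example; Mon, 21 Apr 2025 10:00:00 +0000
Received: from mail-b.google.com (192.0.2.5) by tenant.mail.protection.outlook.com; Mon, 21 Apr 2025 09:58:00 +0000
Authentication-Results: mx.victim.example; dkim=pass header.i=@google.com header.d=google.com
From: Google <no-reply@accounts.google.com>
To: me@domain.com

Review the case at https://sites.google.com/view/example-case
"""
```

Calling `triage(REPLAYED)` returns three findings; a message signed by Google, delivered only through Google hosts and addressed to a normal recipient returns none.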

Researchers also note a rise in SVG-based phishing attacks. SVG attachments look like images but are XML documents that can embed HTML and JavaScript, so opening one can send the user to a fake login page.

For example, some SVG files redirect victims to sites imitating Microsoft or Google Voice to steal sensitive login details.

How to Protect Yourself from Phishing Attacks

To stay safe, always check the sender’s email address carefully. Avoid clicking on links in unexpected messages, even if they appear to come from Google.

Enable two-factor authentication on all your accounts. This extra layer of security helps block unauthorized access even if a password is stolen. Update your browser and email security settings so they can detect malicious links. If an email seems suspicious, report it and delete it.

Finally, educate others in your organization about phishing tactics. Awareness is the first and most powerful line of defense.
