Google has issued a new warning over a phishing attack that slips past Gmail's filtering. The attack is understood to use Google Sites, Google's own website-building service, to host a convincing landing page on a genuine google.com subdomain, while the accompanying email passes Google's DKIM signature check, the cryptographic check that confirms a message was signed by the domain it claims to come from and was not altered in transit.
Gmail is one of the world's most-used email services, with around 1.8 billion user accounts worldwide, so a phishing campaign that looks this genuine could affect millions of users. A phishing attack is designed to trick people into sharing personal information, including bank details, passwords, credit card details or other personal data.
Details of the attack were first shared by Nick Johnson, a cryptocurrency influencer. Posting on Twitter, he said: “The first thing to note is that this is a valid, signed email—it really was sent from no-reply@google.com.
“It passes the DKIM signature check, and Gmail displays it without any warnings—it even puts it in the same conversation as other, legitimate security alerts.”
“The site’s link takes you to a very convincing ‘support portal’ page. They’ve cleverly used http://sites.google.com because they know people will see the domain is http://google.com and assume it’s legit.”
A DKIM signature lets a receiving mail server confirm that a message was signed with the key of the domain named in the signature and has not been altered since; mail that fails the check is far more likely to be flagged or sent straight to spam. It does not judge what the message says or where its links lead. Here the email really was signed by Google, so it passes, and the link inside it points to a page hosted on Google Sites, which sits on a google.com subdomain that any Google account holder can publish to. Neither the signature check nor a glance at the domain name reveals that the page itself is attacker-controlled.
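The point above, that a passing DKIM check says who signed the message and nothing about where its links go, is easy to see in code. The example below is added here and is not part of the original article or anything Google has published: it parses a constructed sample email, reads the DKIM signing domain (the d= tag) and the dkim=pass verdict recorded by an upstream mail server in Authentication-Results, then flags any link whose host is one of a small, assumed list of google.com subdomains that serve user-created content. The sample message, its header values and the host list are all constructed for illustration; the code does not perform the DKIM cryptography itself, which needs a DNS lookup of the signer's public key, and instead trusts the verdict the receiving server already recorded.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Constructed sample: a DKIM-signed alert from google.com whose body links to a
# user-created Google Sites page. Signature values are shortened placeholders.
SAMPLE_EMAIL = """\
Authentication-Results: mx.example.net; dkim=pass header.d=google.com header.i=@google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; h=from:to:subject; bh=AAAA; b=BBBB
From: Google <no-reply@google.com>
To: victim@example.net
Subject: Security alert
Content-Type: text/plain; charset="utf-8"

A legal request was served on Google LLC concerning your account content.
To examine the case materials visit https://sites.google.com/u/1/d/abc123/p/support-portal
You can also review your recent activity at https://myaccount.google.com/notifications
"""

# Assumed list for this example: hosts under a trusted registrable domain that
# serve content uploaded by arbitrary users. Not a complete inventory.
USER_CONTENT_HOSTS = {
    "sites.google.com",
    "docs.google.com",
    "drive.google.com",
    "script.google.com",
    "storage.googleapis.com",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def dkim_signing_domain(msg):
    """Return the d= tag of the DKIM-Signature header (the domain that signed), or None."""
    sig = msg.get("DKIM-Signature")
    if not sig:
        return None
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", sig)
    return m.group(1).lower() if m else None


def dkim_result(msg):
    """Return the dkim= verdict an upstream verifier recorded in Authentication-Results."""
    m = re.search(r"dkim=(\w+)", msg.get("Authentication-Results", ""))
    return m.group(1).lower() if m else None


def extract_links(msg):
    """Pull every http(s) URL out of the text body (plain preferred, html as fallback)."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return URL_RE.findall(body.get_content()) if body else []


def triage(raw):
    """Summarise signer, DKIM verdict and any links on user-content hosts.

    A DKIM pass from google.com and a link on sites.google.com can coexist:
    the first is about the sender, the second about where the reader is sent.
    """
    msg = message_from_string(raw, policy=default)
    suspicious = []
    for url in extract_links(msg):
        host = (urlparse(url).hostname or "").lower()
        if host in USER_CONTENT_HOSTS:
            suspicious.append({
                "url": url,
                "host": host,
                "reason": "user-created content host under the signing domain",
            })
    return {
        "dkim": dkim_result(msg),
        "signer": dkim_signing_domain(msg),
        "suspicious_links": suspicious,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_EMAIL)
    print(f"DKIM verdict: {report['dkim']} (signed by {report['signer']})")
    for hit in report["suspicious_links"]:
        print(f"  flag: {hit['url']} ({hit['reason']})")
```

Run against the sample, the triage reports dkim=pass with google.com as the signer and still flags the sites.google.com link, which is exactly the combination the article describes. A mail gateway rule built on this idea would treat "signer domain matches link domain" as insufficient and look at the specific host and path before deciding a link is safe.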
Google told Newsweek it was taking steps to deal with the attack. A spokesperson said: “We’re aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week. These protections will soon be fully deployed, which will shut down this avenue for abuse.
“In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”
In another statement on their website, Google says: “Be careful anytime you receive a message from a site asking for personal information. If you get this type of message, don’t provide the information requested without confirming that the site is legitimate.
“If possible, open the site in another window instead of clicking the link in your email. Google will never send unsolicited messages asking for your password or other personal information.”
Email users should be on guard over the coming weeks, especially over messages asking for personal data. Many people check the sender address or the domain name to decide whether a message is genuine, but this campaign shows that both can look right: the email comes from google.com and the link goes to sites.google.com. It is worth going further: look at the full address rather than just the domain, avoid signing in through a link sent by email, and, as Google advises, open the site in a separate window by typing the address yourself.