Recently, a clever and dangerous phishing campaign has emerged in which attackers abuse trusted Google infrastructure to steal account credentials, in a way that is hard for both users and mail filters to catch!
Note: Google has started taking action against these attacks, but the risk still exists until the issue is fully resolved.
What’s actually happening?
Attackers are using Google Sites (a service that lets anyone publish web pages under sites.google.com) to create fake pages that mimic Google Support or a Google "legal request" notice.
They send emails that appear to come from a trusted address such as no-reply@google.com and that pass DKIM verification, because they are abusing a technique known as DKIM replay: a message that Google's own servers genuinely signed is re-sent to new recipients. DKIM covers the signed headers and the body, not the delivery path or the envelope recipient, so the original signature still verifies after the message has been relayed through the attacker's server.
The email tells you there’s a “legal request” or “notice” related to your account and asks you to click a link.
That link takes you to a fake Google Sites page asking you to sign in to your account—and once you do, your login info goes straight to the hackers.
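The replay mechanism described above, as an added example that is not part of the original post. Real DKIM signs with the domain's RSA or Ed25519 key published in DNS; to keep this runnable without dependencies the toy below uses HMAC-SHA256 as a stand-in for that key (an assumption, as are the message, the selector name and the relay host). The structure otherwise follows DKIM: a body hash (bh=), a list of signed header names (h=), and a signature (b=) over those headers plus the DKIM-Signature header itself. Header folding is not handled.

```python
"""Toy DKIM sign/verify to show why a replayed signed message still verifies.
HMAC-SHA256 stands in for the domain's real signing key (assumption)."""
import base64
import hashlib
import hmac
import re

SIGNING_KEY = b"stand-in-for-google-selector-key"   # assumption: toy key
SIGNED_HEADERS = ["from", "to", "subject", "date"]   # the h= list


def parse(raw: str):
    """Split a message into [(lowercased name, value), ...] and the body."""
    head, _, body = raw.partition("\n\n")
    headers = []
    for line in head.split("\n"):
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body


def header_value(headers, name: str) -> str:
    """DKIM verifies the bottom-most instance of a named header."""
    for n, v in reversed(headers):
        if n == name:
            return v
    return ""


def body_hash(body: str) -> str:
    """'simple' body canonicalisation: drop trailing empty lines, CRLF endings."""
    lines = body.split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    canon = "\r\n".join(lines).encode() + b"\r\n"
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()


def signed_material(headers, names, sig_header_without_b: str) -> bytes:
    """Bytes the signature covers: each h= header, then DKIM-Signature with b= empty."""
    parts = [f"{n}:{header_value(headers, n)}" for n in names]
    parts.append("dkim-signature:" + sig_header_without_b)
    return "\r\n".join(parts).encode()


def sign(raw: str) -> str:
    """Prepend a DKIM-Signature header, as the sending domain's signer would."""
    headers, body = parse(raw)
    sig = (f"v=1; a=hmac-sha256; d=google.com; s=sel; "
           f"h={':'.join(SIGNED_HEADERS)}; bh={body_hash(body)}; b=")
    mac = hmac.new(SIGNING_KEY, signed_material(headers, SIGNED_HEADERS, sig),
                   hashlib.sha256).digest()
    return f"DKIM-Signature: {sig}{base64.b64encode(mac).decode()}\n" + raw


def verify(raw: str) -> bool:
    """True only if the body hash and the signature over the h= headers both check out."""
    headers, body = parse(raw)
    sig = header_value(headers, "dkim-signature")
    if not sig:
        return False
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if t.strip())
    if tags.get("bh") != body_hash(body):
        return False
    sig_without_b = re.sub(r"b=[^;]*$", "b=", sig)   # b= is the last tag
    expected = hmac.new(SIGNING_KEY,
                        signed_material(headers, tags["h"].split(":"), sig_without_b),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, base64.b64decode(tags["b"]))


def replay(signed: str, new_recipient: str) -> str:
    """The attacker's move: forward the signed message byte-for-byte, adding only
    a trace header and a new envelope recipient. Neither is covered by DKIM."""
    return f"Received: from relay.attacker.example for <{new_recipient}>\n" + signed


# Constructed sample: a notice the sending domain's own signer would produce
# and deliver to a mailbox the attacker controls.
ORIGINAL = """From: Google <no-reply@google.com>
To: attacker-mailbox@example.net
Subject: Security alert
Date: Mon, 21 Apr 2025 10:00:00 +0000

A legal request was received for your account.
Review it at https://sites.google.com/view/constructed-example
"""

if __name__ == "__main__":
    signed = sign(ORIGINAL)
    print("original verifies:", verify(signed))
    print("replayed copy verifies:", verify(replay(signed, "victim@example.org")))
    print("edited body verifies:", verify(signed.replace("Review it", "Log in")))
```

The replayed copy verifies because the only things that changed, the Received trace header and the envelope recipient, are outside the signed material; editing the subject or body breaks the signature. That is why a receiver cannot rely on DKIM alone to decide whether the message was meant for this recipient.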
Why is this attack so dangerous?
The emails sail through authentication checks: the replayed message still carries a valid google.com DKIM signature, which is enough for DMARC to pass even though the mail was relayed through the attacker's server, so reputation-based filters treat it as genuine Google mail.
The links look trustworthy because they point at sites.google.com, a genuine Google domain.
The fake page is hosted on Google Sites itself, so the address bar, the TLS certificate and the hosting all check out as Google, and there is little to raise suspicion.
How can you protect yourself?
Enable 2FA (Two-Factor Authentication) on your account.
Use security keys or passkeys where available; unlike passwords and one-time codes, they are bound to the real sign-in origin and will not work on a fake page.
Never enter your credentials on a page you reached from a link in an email; open the service directly instead.
Check the exact host of any sign-in page. Google's real sign-in lives at accounts.google.com; a login form on sites.google.com is user-published content on a Google domain and should be treated as phishing, even though the address contains google.com.
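One way to apply the host check above, as an added example that is not part of the original post. It assumes the real Google sign-in host is accounts.google.com and that sites.google.com serves user-published pages; the sample links are constructed.

```python
"""Classify a sign-in link by its exact host rather than by whether the
string contains "google.com". Assumption: accounts.google.com is the real
sign-in host; sites.google.com hosts user-published content."""
from urllib.parse import urlsplit

SIGNIN_HOST = "accounts.google.com"
USER_CONTENT_HOSTS = {"sites.google.com"}


def classify_login_link(url: str) -> str:
    """Return one of: google-signin, google-user-content, google-other, untrusted."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()   # drops userinfo ("user@") and port
    if parts.scheme != "https":
        return "untrusted"
    if host == SIGNIN_HOST:
        return "google-signin"
    if host in USER_CONTENT_HOSTS:
        return "google-user-content"   # anyone can publish here; a login form is a red flag
    if host == "google.com" or host.endswith(".google.com"):
        return "google-other"
    return "untrusted"   # lookalikes such as accounts.google.com.evil.example land here


# Constructed sample links
SAMPLES = [
    "https://accounts.google.com/signin/v2/identifier",
    "https://sites.google.com/view/constructed-example",
    "https://accounts.google.com@evil.example/login",
    "https://accounts.google.com.evil.example/login",
    "http://accounts.google.com/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_login_link(link):20} {link}")
```

Only "google-signin" is a place to type a Google password. The third sample shows why the hostname, not the visible string, must be compared: the URL starts with accounts.google.com but the browser connects to evil.example.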
#CyberSecurity #PhishingAlert #OnlineSafety #GoogleScam #DataProtection #EmailSecurity #DKIMAttack #Infosec #TechNews #StaySafeOnline #HackAlert #CyberThreat #2FA #SecureYourAccount #PrivacyMatters