Phishing Alert: Sophisticated Attack Exploits Google Services
Google has recently issued a warning about a sophisticated phishing campaign in which attackers exploit its legitimate services—particularly Google Sites and the OAuth authentication system—to deceive users into sharing their account information.
In this phishing scheme, cybercriminals send emails that closely resemble official Google communications. These messages appear to come from a legitimate address, such as no-reply@accounts.google.com, and claim that Google has received a legal subpoena requiring account information.
While the email and sender address appear authentic, the embedded links redirect users not to official Google domains like support.google.com, but to sites.google.com—a legitimate Google service often used to build simple websites. This makes it harder for users to detect the fraud.
If the target user is not already signed in, they are redirected to the actual Google login page, then sent to a fake support page that looks almost identical to the real one. These pages often prompt users to download files labeled as "legal documents," which are likely to contain malware or data-stealing tools.
How the Attack Works:
The attackers use trial Google Workspace accounts and register malicious apps through the OAuth system. They craft these apps to include phishing messages and malicious links within the app name itself. Google then sends security emails to users based on the app registration — making the message look genuine.
To deliver the emails, attackers utilize third-party services such as Namecheap, which allow email forwarding. This clever trick lets them bypass traditional spam filters and deceive even tech-savvy users.
Security experts recommend:
- Double-check email sender addresses and domain names carefully.
- Avoid clicking links directly in emails — instead, manually visit the site.
- Use reliable antivirus software and anti-phishing browser extensions.
- Review full email headers to detect inconsistencies or suspicious sources.
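The header review recommended above can be partly automated. The following is an added example, not code from Google or the source article: it parses a constructed message and flags a Return-Path that differs from the From domain, relay hops outside the sender's domain (the forwarding described earlier), and links to sites.google.com. All hostnames, addresses and the `review` helper are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message, not a real capture; hosts and IPs are placeholders.
SAMPLE = """\
Return-Path: <bounce@forwarder.example>
Received: from mail.forwarder.example (mail.forwarder.example [203.0.113.10])
\tby mx.recipient.example; Mon, 01 Jan 2024 10:00:02 +0000
Received: from mail-out.google.com (mail-out.google.com [198.51.100.7])
\tby mail.forwarder.example; Mon, 01 Jan 2024 10:00:00 +0000
From: Google <no-reply@accounts.google.com>
To: user@recipient.example
Subject: Security alert
Content-Type: text/plain

A subpoena was served on Google. Review the case materials at
https://sites.google.com/view/EXAMPLE or visit https://support.google.com/
"""

# Hosts on a trusted domain whose pages are built by arbitrary users.
USER_CONTENT_HOSTS = {"sites.google.com"}

def registrable(host):
    # Simplification: last two labels. Use a public-suffix list in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    return registrable(parseaddr(header_value or "")[1].rpartition("@")[2])

def review(raw):
    msg = message_from_string(raw)
    findings = []
    sender = addr_domain(msg["From"])
    bounce = addr_domain(msg["Return-Path"])
    if bounce and bounce != sender:
        findings.append(f"return-path-mismatch:{bounce}")
    # Received "from" names are self-reported, so treat this as a hint only.
    for hop in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+([\w.-]+)", hop)
        if m and registrable(m.group(1)) != sender:
            findings.append(f"relayed-via:{m.group(1).lower()}")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if host in USER_CONTENT_HOSTS:
            findings.append(f"user-content-link:{host}")
    return findings

if __name__ == "__main__":
    print(review(SAMPLE))
```

Each finding is a prompt for manual review rather than a verdict: legitimate mailing lists and forwarders also produce relay and Return-Path mismatches.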
Google has acknowledged the issue and is actively working on improving OAuth security to mitigate this type of abuse. No timeline for a full fix has been announced yet.
Source: MedadPress
www.medadpress.ir
