
Does This Google Email Look Real? Don’t Click!
A sophisticated phishing scam is exploiting weaknesses in Google's own infrastructure to convince users that malicious emails and websites are legitimate.
In a series of posts on X observed by Android Authority, developer Nick Johnson explained how he became the target of a phishing attack that took advantage of flaws in Google's systems. In his first post he shared a screenshot of the phishing email, which claimed that Google had been compelled by a legal subpoena to hand over his account data.
Why Does the Email Look Convincing?
The email text is grammatically correct, with no spelling errors or awkward phrasing.
It appears to be officially signed by Google.
The sender address is no-reply@google.com, a legitimate automated Google address.
It passed DKIM authentication, the signature check that confirms a message was signed by the sending domain's servers. A DKIM pass proves that Google's infrastructure signed the message at some point; it does not prove that Google wrote the text, and a signed message still verifies if it is forwarded to someone else without modification.
No security warnings are displayed, so the message appears entirely genuine.
How the Scam Works
Clicking the link in the email leads to a "support portal" that closely mimics a real Google page. The page is hosted on Google Sites, a Google service on which any account holder can publish pages under a google.com hostname, which lends the scam even more credibility.
If you click "Upload Additional Documents" or "View Case File", you are redirected to a login page that looks like the official Google sign-in page. One detail gives it away:
The login page is hosted on Google Sites (sites.google.com), not on Google's official sign-in domain accounts.google.com. A page that asks for your Google password anywhere other than accounts.google.com is not Google's.
If the user enters their credentials there, the attackers capture them and can take over the account.
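The checks implied by the two sections above (a DKIM pass that says nothing about the link, a message not addressed to you, a "sign-in" page on sites.google.com rather than accounts.google.com) can be scripted. The following Python triage is an added example, not code from the article, from Nick Johnson or from Google. The sample message, the receiving server name mx.example.net, the relay hostnames and the portal URL are all constructed for illustration; the only "user-content" Google host it knows is sites.google.com, the one the article names.

```python
"""Triage a suspicious 'Google' email: a DKIM pass is not a safety verdict.

Added example; the sample message and server names below are constructed.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import getaddresses
from urllib.parse import urlparse

# authserv-id of the mail server that evaluated DKIM for us (assumed name).
MY_AUTHSERV_ID = "mx.example.net"

# Host on which the real Google sign-in page lives (from the article).
GOOGLE_SIGNIN_HOST = "accounts.google.com"

# Google services where any account holder can publish pages under a
# google.com hostname. Google Sites is the one the article describes;
# extend this tuple for other user-content hosts you want to flag.
USER_CONTENT_HOSTS = ("sites.google.com",)

# Constructed sample, NOT the real phishing message: it carries the traits
# the article lists (dkim=pass for google.com, a no-reply sender, a To:
# address that is not the victim's, a link into Google Sites).
SAMPLE_EML = b"""\
Authentication-Results: mx.example.net; dkim=pass header.d=google.com; spf=pass smtp.mailfrom=relay.example-forwarder.test
From: Google <no-reply@google.com>
To: case-intake@example-forwarder.test
Subject: Security alert
Content-Type: text/plain; charset=utf-8

Google has received a subpoena requiring production of your account data.
To view the case file or upload additional documents, visit:
https://sites.google.com/view/support-portal-example/
"""

# Constructed variant: the only Authentication-Results header was written by
# a server that is not ours, so its dkim=pass must not be trusted.
FORGED_EML = SAMPLE_EML.replace(b"mx.example.net;", b"mx.attacker.test;")

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def parse_auth_results(msg, authserv_id=MY_AUTHSERV_ID):
    """Return {'dkim': result, 'd': signing domain} from the
    Authentication-Results header added by our own server. Headers with any
    other authserv-id are ignored: a sender can insert a fake one."""
    for value in msg.get_all("Authentication-Results", []):
        value = str(value)
        if value.split(";", 1)[0].strip() != authserv_id:
            continue
        dkim = re.search(r"\bdkim=(\w+)", value)
        domain = re.search(r"\bheader\.d=([\w.-]+)", value)
        return {"dkim": dkim.group(1) if dkim else None,
                "d": domain.group(1) if domain else None}
    return {"dkim": None, "d": None}


def recipient_mismatch(msg, my_address):
    """True when my mailbox is in neither To nor Cc, i.e. the message was
    generated for someone else and relayed or forwarded to me."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    addrs = {addr.lower() for _, addr in getaddresses(headers)}
    return my_address.lower() not in addrs


def classify_url(url):
    """Label a link by host: the real sign-in host, a Google host serving
    user-published content, or anything else."""
    host = (urlparse(url).hostname or "").lower()
    if host == GOOGLE_SIGNIN_HOST:
        return "google-signin"
    if host in USER_CONTENT_HOSTS or any(host.endswith("." + h) for h in USER_CONTENT_HOSTS):
        return "user-content-on-google-domain"
    return "external"


def triage(raw, my_address):
    """Parse a raw message and return the DKIM verdict, a list of findings and
    an overall verdict ('suspicious' or 'no-signal', never 'safe')."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    auth = parse_auth_results(msg)
    if auth["dkim"] == "pass":
        findings.append(f"dkim=pass for {auth['d']}: that domain signed the text; "
                        "it says nothing about who relayed it or where its links go")
    mismatch = recipient_mismatch(msg, my_address)
    if mismatch:
        findings.append("mailbox not in To/Cc: the message was not sent to you directly")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    risky_links = 0
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")
        label = classify_url(url)
        findings.append(f"link {label}: {url}")
        if label == "user-content-on-google-domain":
            risky_links += 1
    verdict = "suspicious" if (risky_links or mismatch) else "no-signal"
    return {"dkim": auth, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for line in triage(SAMPLE_EML, "victim@example.com")["findings"]:
        print(line)
```

Two design points matter in practice. First, the script only believes an Authentication-Results header whose authserv-id is its own server's, because that header is just text a sender can add; production MTAs strip untrusted copies on ingress for the same reason. Second, the verdict is never "safe": a DKIM pass and a google.com hostname are treated as absence of a signal, not as proof of legitimacy, which is exactly the gap this campaign abused.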
Google's Response and the Security Flaw
After receiving the phishing email, Nick Johnson reported the weakness to Google. Google initially responded that the behaviour was intentional, but later reversed that position and promised to fix the issue.
Melissa Bischoping, Director of Endpoint Security Research at Tanium, explained:
“This phishing campaign exploits legitimate Google capabilities to send fake emails that bypass certain security checks. It also uses Google Sites to host fake login pages and steal credentials.”
How to Protect Yourself
Thomas Richards, Infrastructure Security Director at Black Duck, offers the following advice:
Be suspicious of emails urging you to take immediate action.
Check both sender and recipient addresses. If the sender’s domain is questionable or the email wasn’t directly addressed to you, it’s likely a scam.
Avoid clicking links in emails. If in doubt, go directly to your Google account via your browser.
Search the email’s content online. If others have reported it, you'll likely find warnings.
Until Google fully addresses this issue, remain vigilant and protect your personal information.
Source: MedadPress
www.medadpress.ir