Scammers are now abusing Google OAuth to send phishing emails

Summary: A new scam has come to light in which scammers abuse Google's OAuth application flow to send phishing emails. The email arrives from the legitimate-looking “[email protected]” address and reportedly contains a fake law-enforcement subpoena, which pressures recipients into handing over their account information.

If you ever receive an email from “[email protected]” and assume it is from Google, think twice; it could be a phishing email even though it passes Google's own authentication checks. A new scam has come to light in which scammers send phishing emails that appear to come from that address, which looks legitimate at first glance.

Scammers are now sending phishing emails from a realistic-looking Google address

According to a report by BleepingComputer, the emails contain an urgent alert about a law-enforcement subpoena demanding information from the target's Google account. Per the outlet, the campaign uses Google's free website builder, sites.google.com, to host a convincing phishing page, and Google's own email infrastructure to deliver the lure; together these pressure targets into giving up their credentials.

You may wonder why Google fails to flag such a phishing email. The email-authentication company EasyDMARC has provided the explanation. Because the email is generated and sent by Google's own systems, it carries a valid Google DomainKeys Identified Mail (DKIM) signature. DKIM lets a receiving server verify that the signed headers and body of a message have not been altered since the signing domain sent it; messages that fail that check are typically rejected or routed to spam. The scammers exploit this by entering the full text of their lure as the name of a fake OAuth app.

That name is then autofilled into the security alert that Google sends to the scammer's own account when the app is granted access. When the scammer forwards that message to a victim's Gmail address, the signature remains valid, because DKIM covers only the message body and the headers listed in the signature, none of which the forwarder has touched; it says nothing about who relayed the message or to whom. Finally, the email links to a realistic-looking support portal on sites.google.com rather than accounts.google.com. A person less familiar with technology can easily fall for this.

Google is working on a fix

Nick Johnson, lead developer of the Ethereum Name Service (ENS), received one of these Google phishing emails a week ago. He was vigilant enough to notice that something was off and reported the abuse of Google's OAuth app flow to Google as a security flaw.

While the company initially said everything was working fine, it later recognised the issue as a threat to its users and is reportedly working on a fix for the OAuth abuse. As the cybersecurity landscape evolves, scammers keep coming up with new tricks to target users, so it is up to us to stay vigilant.
