New Phishing mode uses Google’s real emails to steal data to crypto users

A developer of Ethereum Name Service He warned about this new modality, warning that it will be very possible that we see this type of emails, since it does not seem that Google want to take action on the matter for now.

***

• A new scam uses the infrastructure of Google to deceive cryptocurrency users.
• A developer of Ethereum Name Service He warned about a sophisticated Phishing campaign.
• The mails seem legitimate because they are signed with valid keys of Google.
• Vulnerability has been ignored by Google, According to the report presented.

Nick Johnson, main developer of Ethereum Name Service (ENS), has issued a serious warning to the crypto community: a new phishing modality is taking advantage of failures in the infrastructure of Google To attack users.

Phishing through mails Google

This was detailed by Johnson in a thread of shared messages through his X account, where he details that The scam uses emails that appear to be legal alerts sent by Google, but that actually directs false portals designed to steal access credentials.

In this regard, Johnson explained that the attackers manage to send emails that exceed all safety checks of Gmail, including the firm Dkim. The message simulates being a legal notification, in which the user is informed that a judicial citation related to their account of their account has been issued Google. Next, you are asked to review the case materials or present a protest.

The alarming thing is that mail comes from the official direction no-reply@google.comwithout generating warnings in Gmail and grouping even with other legitimate alerts of the system. This superficial authenticity significantly increases the risk that the user will trust the message and click on the links included.

The link provided in the mail redirects to a page housed in sites.google.coman inherited service that allows users to create custom sites in subdomains of Google. According to Johnson, scammers are using this platform to build false pages that mimic the support center of Google.

“Google realized a long time ago to house public and specific content of the user on Google.com was a bad idea, but Google Sites continues to exist,” Johnson said.

In addition, this tool allows the inclusion of scripts and apparently legitimate content, which facilitates the creation of forms that capture access data without raising suspicions. As Google Eliminate these pages, attackers simply upload new versions, keeping the Phishing campaign.

The root of the problem: a false app of Oauth

Even more worrying is the way these emails are generated. Johnson explained that scammers create a account of Google with a name like me@domainand then build an application Oauth using the text of the fake mail, blank spaces, and even the name “Google Legal Support”.

Once the application is configured, it receives access to the false account, which allows them to generate a real security alert. When originated from the servers of Google, The message is signed correctly, passing all the filters and appearing as a genuine email for the victims.

The final mail is made massively to other addresses, exposing thousands of users to the scam without the automatic systems of Google They can detect it as fraudulent.

Google Ignore the report

Johnson said he reported in detail the problem to Google. However, the company’s security team replied that the reported behavior was “as expected “ and closed the case without taking action.

This lack of action leaves an open door to more sophisticated scams, especially in a digital environment where cryptocurrency users are constantly white of attacks. Johnson himself warns that this modus operandi, combined with other elements, could be extremely dangerous for crypto users.

The developer of Ens He urged users to take precautions. Recommended distrusting any mail that requests legal actions, even if it seems to come from legitimate sources such as Google, and always verify the URLs before entering sensitive information.

As the digital infrastructure becomes more complex, so do the tactics of the attackers. This situation demonstrates how even high profile platforms such as Google They can be used as tools to carry out mass frauds if vulnerabilities are not corrected on time.

Written article with the help of an AI content editor, edited by Angel Di Matteo / Diariobitcoin

Original image of Diariobitcoin, created with artificial intelligence, for free use, licensed under public domain.

WARNING: Diariobitcoin offers informative and educational content on various topics, including cryptocurrencies, AI, technology and regulations. We do not provide financial advice. Cryptactive investments are high risk and may not be adequate for all. Investigate, consult an expert and verify the applicable legislation before investing. I could lose all its capital.

Subscribe to our newsletter