Google has confirmed a sophisticated phishing attack affecting 1.8 billion Gmail users, highlighted by developer Nick Johnson. He shared details of the attack, emphasizing how it bypassed traditional security measures, making it appear legitimate. The email, posing as an official Google request, was able to pass DKIM checks, which typically confirm authenticity. Google acknowledged the attack and reassured users about newly implemented protections, advising them to adopt two-factor authentication and passkeys for enhanced security against future phishing attempts.
"Recently I was targeted by an extremely sophisticated phishing attack. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more."
"The only hint it's a phish is that it's hosted on sites.google.com instead of accounts.google.com. Clicking the fraudulent link took me to a 'very convincing' support portal page."
Collection
[
|
...
]