Google's email spoofed by cunning phisherfolk
Briefly

EasyDMARC identified a sophisticated phishing campaign that spoofed Google, using emails that appeared to come from no-reply@accounts.google.com. The emails falsely claimed compliance with a subpoena from law enforcement and linked to a Google Sites URL. They looked legitimate because the attack exploited valid DKIM signatures and DMARC practices. By obtaining a legitimate email and re-sending it through Microsoft's service, the attackers made their phishing attempts look authentic. The case serves as a warning to users about these fraudulent approaches.
The phishing emails were unusually well disguised and satisfied the email authentication methods DMARC and DKIM, making them appear legitimate.
EasyDMARC believes the attackers accessed an email from no-reply@accounts.google.com that included a valid DKIM signature, then re-sent it using Outlook.com.
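The re-sending described above leaves traces a mail filter can check. The following is an added example, not code from EasyDMARC or the original article: it flags a delivered message whose DKIM signature passes while the envelope sender and recipient no longer match the signed headers. The sample messages, the example.net/example.org hosts, the Google bounce address and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

def _domain(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def _aligned(domain, signer):
    return domain == signer or domain.endswith("." + signer)

def replay_indicators(raw_message, rcpt_to):
    """Return DKIM-replay warning signs for one delivered message."""
    msg = message_from_string(raw_message)
    auth = msg.get("Authentication-Results", "")
    m = re.search(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", auth)
    if not m:
        return []  # no passing signature, so nothing was replayed
    signer = m.group(1).lower()
    findings = []
    # DKIM does not cover the envelope sender: a re-sent message keeps
    # the original signature but picks up the re-sender's Return-Path.
    if not _aligned(_domain(msg.get("Return-Path", "")), signer):
        findings.append("envelope-sender-unaligned")
    # Signed To/Cc headers still name the original recipient,
    # not the mailbox the message was actually delivered to.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    named = {addr.lower() for _, addr in getaddresses(headers)}
    if rcpt_to.lower() not in named:
        findings.append("recipient-not-in-signed-headers")
    return findings

# Constructed sample: signed by google.com, re-sent via another relay.
REPLAYED = (
    "Return-Path: <bounce@relay.example.net>\n"
    "Authentication-Results: mx.example.org; dkim=pass header.d=google.com;\n"
    " spf=pass smtp.mailfrom=relay.example.net;"
    " dmarc=pass header.from=accounts.google.com\n"
    "From: no-reply@accounts.google.com\n"
    "To: first-recipient@example.net\n"
    "Subject: Security alert\n\nbody\n"
)
# Constructed sample: the same kind of message delivered directly.
DIRECT = (
    "Return-Path: <bounce@mail.google.com>\n"
    "Authentication-Results: mx.example.org; dkim=pass header.d=google.com\n"
    "From: no-reply@accounts.google.com\n"
    "To: victim@example.org\n"
    "Subject: Security alert\n\nbody\n"
)
```

Legitimate forwarding and mailing lists trip the same checks, so the findings are a triage signal to combine with content and URL analysis rather than a verdict.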
Read at The Register