Particle.news
Download on the App Store
4 ARTICLES
·
last wk.

Google Confronts Sophisticated Gmail Phishing Campaign Exploiting Its Own Services

The Rockfoils actor uses Google Sites to bypass security filters, prompting Google to deploy protections and urge users to adopt passkeys.

Image
Stock Image: A smart phone with the Google Gmail app is seen on the screen in Hong Kong, Hong Kong, on July 31, 2018.
Image

Overview

  • Google has confirmed a phishing campaign exploiting Google Sites subdomains to bypass Gmail's DKIM filters and deliver signed emails appearing legitimate.
  • The attack, attributed to the Rockfoils actor, directs victims to fake Google support pages hosted on sites.google.com to harvest credentials.
  • Protections against this vulnerability have been rolling out for the past week, with full deployment expected soon, according to Google.
  • Google advises users to strengthen account security by enabling two-factor authentication and switching to passkeys, which are less susceptible to phishing.
  • Cryptocurrency developer Nick Johnson first reported the attack, highlighting its sophisticated use of legitimate Google infrastructure to deceive users.