Particle.news
Download on the App Store
4 ARTICLES
·
last wk.

Google Races to Block Sophisticated Gmail Phishing Campaign

The attack exploits Google Sites and DKIM protocols to mimic legitimate security alerts, prompting Google to roll out final protections and urge stronger account security measures.

Image
Stock Image: A smart phone with the Google Gmail app is seen on the screen in Hong Kong, Hong Kong, on July 31, 2018.
Image

Overview

  • A newly uncovered phishing campaign uses Google Sites subdomains and DKIM-signed emails to impersonate legitimate Google security alerts, bypassing Gmail's spam filters.
  • Google has attributed the attack to the threat actor Rockfoils and is in the final stages of deploying protections to shut down this exploit.
  • The phishing emails originate from [email protected], leading users to a fake Google support page designed to steal account credentials.
  • High-profile individuals, including Ethereum developer Nick Johnson, have been targeted in this campaign, highlighting the sophistication and scope of the attack.
  • Google is urging users to enable two-factor authentication and passkeys, which offer stronger protection against phishing attempts, while advising caution with unsolicited security alerts.