Particle.news

Google Rolls Out Protections Against Sophisticated Gmail Phishing Campaign

Hackers exploited Google's own authentication systems to target users, prompting Google to deploy safeguards and urge stronger security measures.

Google has confirmed that the company is working on a fix for this vulnerability.

Overview

  • Attackers used DKIM-signed emails from [email protected] to bypass Gmail's safeguards and impersonate legitimate Google alerts.
  • Phishing emails directed users to cloned Google support pages hosted on sites.google.com, tricking them into providing login credentials.
  • Google has confirmed it is completing the deployment of targeted protections to block this specific phishing method.
  • Users are advised to enable two-factor authentication, avoid SMS-based 2FA, and adopt passkeys for stronger account security.
  • The campaign highlights vulnerabilities in traditional email and SMS-based authentication, with experts warning of evolving threats like AI-driven phishing and malware such as Gorilla.