With billions of users worldwide, it’s not surprising that Gmail remains a top target for cyber crooks. Crooks target users of this popular email platform every day, and the majority of scams are caught and blocked by Google’s filters and spam protection.
However, despite that security, one worrying attack is slipping through the net, and getting caught out could be costly.
The new alert was first raised by developer Nick Johnson, who says he was hit by an “extremely sophisticated” phishing attack which looked incredibly real.
The message suggested that a legal subpoena had been issued and a copy of his Google account content needed to be produced.
It might sound a little far-fetched, but what makes it most concerning is that the message came from a genuine Google address and carried a valid Google signature.
“The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com. It passes the DKIM signature check, and GMail displays it without any warnings,” Johnson explained.
DKIM is an authentication check: the sending domain signs the message, and the receiving server verifies that signature against a public key published in the sending domain’s DNS. Mail that fails the check is normally treated as suspicious and filed straight in the spam folder, so users don’t get fooled. Here, though, the message carried a genuine google.com signature. Gmail’s checks therefore saw a message legitimately signed by Google and delivered it to the inbox without any warning. A DKIM pass only proves who signed the message; it says nothing about whether the link inside it is safe.
Once the link embedded in the message is clicked, users are taken to a “very convincing” portal page where they are asked to sign in with their account name and password. Anyone who enters them hands the crooks their credentials, and with those, access to highly personal data.
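The point above, that a DKIM pass vouches for the signing domain and not for the link, is easy to check mechanically. The following triage helper is an added example, not code from the article or from Google: it reads the receiving server’s Authentication-Results header (the assumption is that your mail server already verified the signature and stamped that header), compares the From domain with the signing domain, and flags any link whose host is not under the signing domain. The sample message, its headers and its link target are constructed for the example; the signature values are placeholders because the code does not re-verify the signature itself.

```python
"""Triage helper: what a DKIM pass does and does not vouch for.

Added example, not from the article or from Google. It does not verify
DKIM cryptography; it trusts the Authentication-Results header that the
receiving MX stamped on the message and reasons from there.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the article: signed by google.com, From
# no-reply@google.com. The link host is a hypothetical placeholder and the
# DKIM signature fields are placeholders (this code never re-verifies them).
SAMPLE_EML = """\
Authentication-Results: mx.example.net; dkim=pass header.d=google.com header.i=@google.com
DKIM-Signature: v=1; a=rsa-sha256; d=google.com; s=selector; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Google <no-reply@google.com>
To: victim@example.net
Subject: Notice of subpoena for your Google Account
Content-Type: text/plain; charset=utf-8

A legal subpoena requires production of your Google Account content.
Review the case here: https://accounts-google.example/support/case
"""

LINK_RE = re.compile(r"https?://[^\s<>\"')\]]+")
DKIM_RESULT_RE = re.compile(r"\bdkim=(\w+)")
SIGNING_DOMAIN_RE = re.compile(r"\bheader\.d=([A-Za-z0-9.-]+)")


def is_under(host, domain):
    """True if host equals domain or is a subdomain of it (case-insensitive)."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def parse_auth_results(value):
    """Pull the DKIM verdict and signing domain (header.d) out of an
    Authentication-Results header value. Missing fields come back as None."""
    result = DKIM_RESULT_RE.search(value)
    signer = SIGNING_DOMAIN_RE.search(value)
    return (result.group(1).lower() if result else None,
            signer.group(1).lower() if signer else None)


def extract_links(body):
    """Return every http(s) URL found in the message body, in order."""
    return LINK_RE.findall(body)


def triage(raw_message):
    """Parse a raw RFC 5322 message and report what the DKIM pass covers.

    suspicious is True when there is no DKIM pass, when the From domain is
    not the signing domain, or when any link points outside the signing
    domain. A link hosted under the signing domain is NOT flagged, which is
    why this is a triage signal and not a verdict on the message.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    dkim, signing_domain = parse_auth_results(msg.get("Authentication-Results", ""))
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower() or None

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    links = extract_links(body)

    aligned = bool(signing_domain and from_domain and is_under(from_domain, signing_domain))
    off_signer = [
        url for url in links
        if not (signing_domain and urlparse(url).hostname
                and is_under(urlparse(url).hostname, signing_domain))
    ]
    return {
        "dkim": dkim,
        "signing_domain": signing_domain,
        "from_domain": from_domain,
        "aligned": aligned,
        "links": links,
        "links_off_signer": off_signer,
        "suspicious": dkim != "pass" or not aligned or bool(off_signer),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

Run against the sample, the verdict is "dkim=pass, signed by google.com, From aligned" and yet the link is flagged because its host is outside google.com. If the same message linked to a page hosted under google.com, nothing here would fire: DKIM has done its job (the signer really is Google) and the remaining question, whether the page behind the link is a credential-harvesting form, is one no signature check can answer.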
It’s clearly a worrying scam, especially as the message looks like it has been sent via official Google channels.
Luckily, the US technology company is now rushing to release a fix that will stop its name and email address being used to attack Gmail account holders in future.
“We’re aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week,” a Google spokesperson told Newsweek.
“These protections will soon be fully deployed, which will shut down this avenue for abuse.”
There’s no word on how long it will take Google to release this update globally so, for now, anyone with a Gmail account needs to remain alert.