Internal Affairs Department Issues Alert Regarding Deceptive Emails from Google
Let's get down to business, folks. It's high time we shed some light on a fresh phishing scheme that's making the rounds, and it's not your regular run-of-the-mill crap. The culprits behind this sneaky scam have found a clever way to exploit vulnerabilities in Google's email service and Google Sites.
This scheme is like a wolf in sheep's clothing. The bad guys are taking advantage of Google Sites, a legitimate website builder. All the pages on this platform are automatically hosted on the sites.google.com subdomain, making the links look safe and inspiring trust in recipients. But don't be fooled: any data entered on such a site goes straight into the scammers' hands.
Here's how it unfolds. The crooks have learned to replicate genuine emails from the address [email protected], doctored to fit their needs. These emails appear to come from an official sender, but their text and links lead to phishing sites.
As the Russian news giant RBC Group pointed out, "In this way, a phishing email arrives from a legitimate sender and leads to what appears to be a legitimate resource."
In response, the MVD (Russia's Ministry of Internal Affairs) advised Gmail users to exercise caution and avoid clicking on links in emails until Google rectifies the vulnerability.
It's essential to mention that the method employed here is more than just tricky; it's downright crafty. The bad guys register a domain and set up a Google Account associated with it to mimic legitimate email behavior and avoid raising suspicion. Next, they create a Google OAuth application named after the phishing message for authorization purposes. Since the OAuth app is approved by Google, any emails it generates are signed with Google's legitimate DKIM keys.
This means that despite originating from a non-Google domain, the emails appear legitimate and pass all Gmail authentication checks (SPF, DKIM, DMARC), making it nearly impossible for Gmail or users to recognize them as phishing attempts. The attackers host their malicious pages on Google Sites, a trusted Google-owned domain that enables the embedding of arbitrary scripts and objects.
Finally, the phishing emails direct victims to fake Google support pages hosted on Google Sites. These pages are designed to mislead victims into handing over their login credentials.
This scheme cleverly uses Google's own infrastructure and trust mechanisms to dupe victims into submitting their login credentials on fake but believable pages hosted on Google Sites[1][3][4].
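Because SPF, DKIM and DMARC all pass in this scheme, triage has to look at how the results relate to each other rather than at the verdicts. The following is an added example, not code from the article or from Google: it flags a message whose DKIM signature is Google's while the SPF-authenticated envelope sender is not, and a body link to sites.google.com. The sample message, its domains, selector, local parts and finding labels are constructed, and the Authentication-Results header is assumed to have been written by your own receiving server.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample, not a real capture: example.net, example.org, the
# selector, the local parts and the Sites path are placeholders.
SAMPLE = """\
Return-Path: <bounce@mail.example.net>
Authentication-Results: mx.example.org;
 dkim=pass header.i=@accounts.google.com header.s=sel1;
 spf=pass smtp.mailfrom=bounce@mail.example.net;
 dmarc=pass header.from=accounts.google.com
From: Google <notice@accounts.google.com>
To: user@example.org
Subject: Security alert
Content-Type: text/plain

Open the case: https://sites.google.com/view/constructed-example/support
"""

def is_under(domain, parent):
    domain = domain.lower().rstrip(".")
    return domain == parent or domain.endswith("." + parent)

def auth_domain(msg, key):
    """Domain from e.g. header.i=@d or smtp.mailfrom=user@d, else None."""
    pattern = r"\b" + re.escape(key) + r"=(?:[^\s;@]*@)?([A-Za-z0-9.-]+)"
    for value in msg.get_all("Authentication-Results", []):
        m = re.search(pattern, str(value))
        if m:
            return m.group(1).lower()
    return None

def triage(raw):
    msg = message_from_string(raw, policy=default)
    findings = []
    dkim = auth_domain(msg, "header.i") or auth_domain(msg, "header.d")
    spf = auth_domain(msg, "smtp.mailfrom")
    # Google's DKIM signature, but the envelope sender that passed SPF is
    # not Google: the signed message was relayed through someone else.
    if dkim and spf and is_under(dkim, "google.com") and not is_under(spf, "google.com"):
        findings.append("google-dkim-foreign-mailfrom")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    # The article says the lure pages are hosted on sites.google.com.
    if re.search(r"https?://sites\.google\.com/", text, re.I):
        findings.append("link-to-sites.google.com")
    return findings
```

Legitimately forwarded Google mail can raise the first finding too, so treat both labels as reasons to review a message, not as a verdict.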
In summary, it's crucial to be vigilant when using Google services, especially when dealing with emails from unknown sources. If you ever receive a suspicious email that looks legitimate but feels off, think twice before clicking on any links. Remember, neither banks, nor the Goservices portal, nor the police will ever request your login credentials or sensitive documents via messengers.
Stay safe out there!
[1] https://www.bleepingcomputer.com/news/security/google-account-phishing-via-legitimate-dkim-signing-bypasses-email-defenses/
[3] https://www.infosecurity-magazine.com/news/google-phishing-scam-exploits-company/
[4] https://thehackernews.com/2021/04/google-account-phishing-scam-uses.html
- The cybersecurity community should be on high alert, as a recent phishing scheme is using Google's own infrastructure to bypass email defenses, posing a significant threat to users' cybersecurity.
- In the escalating battle against cybercrime, this phishing scheme, which exploits vulnerabilities in Google's email service and Google Sites, is a clear indication of the need for advancements in technology to combat crime in the digital world.