The founder and lead developer of Ethereum Name Service has warned his X followers of an “extremely sophisticated” phishing attack that can impersonate Google and trick users into giving out login credentials. The phishing attack exploits Google’s infrastructure to send a fake alert to users informing them that their Google data is being shared with law enforcement due to a subpoena, ENS’ Nick Johnson said in an April 16 post to X. “It passes the DKIM signature check, and GMail displays it without any warnings - it even puts it in the same conversation as other, legitimate security alerts,” he said. The fake subpoena appears to be from a Google no-reply domain.
Because DKIM only verifies the message and its headers and not the envelope, the message passes signature validation and shows up as a legitimate message in the user’s inbox — even in the same thread as legit security alerts,” Johnson said. Google deploying countermeasures soon Speaking to Cointelegraph, a Google spokesperson said they are aware of the issue and are shutting down the mechanism that attackers are using to insert the “arbitrary length text,” which will prevent the method of attack from working in the future. Related: Hackers hide crypto address-swapping malware in Microsoft Office add-in bundles“We’re aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week.
The Google domain name makes the email appear legitimate, but Johnson points out there are still clear signs it’s a phishing scam — such as it being forwarded from a private email address.
or
Share This Story
Article Details
Author / Journalist: Cointelegraph by Stephen Katte
The story "ENS founder warns of Google spoof that tricks users with a fake subpoena" has 526 words across 14 sentences, which will take approximately 3 - 5 minutes for the average person to read.
Which news outlet covered this story?
The story "ENS founder warns of Google spoof that tricks users with a fake subpoena" was covered 3 days ago by Coin Telegraph, a news publisher based in United States.
How trustworthy is 'Coin Telegraph' news outlet?
Coin Telegraph is a fully independent (privately-owned) news outlet established in 2013 that covers mostly crypto news.
The outlet is headquartered in United States and publishes an average of 9 news stories per day.
It's most recent story was published 7 hours ago.
What do people currently think of this news story?
The sentiment for this story is currently Negative, indicating that people regard this as "bad news".
How do I report this news for inaccuracy?
You can report an inaccurate news publication to us via our contact page. Please also include the news #ID number and the URL to this story.
