In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to note is that this is a valid, signed email – it really was sent from [email protected]," Nick Johnson, the lead developer of the Ethereum Name Service (ENS), said in a series of posts on X. "It passes the DKIM signature check, and Gmail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts." The email message informs prospective targets of a subpoena from a law enforcement authority asking for unspecified content present in their Google Account and urges them to click on a sites.google[.]com URL in order to "examine the case materials or take measures to submit a protest." The Google Sites URL displays a lookalike page that impersonates the legitimate Google Support page, and includes buttons to "upload additional documents" or "view case." Clicking on either of the options takes the victim to a replica Google Account sign-in page, the only difference being that it's hosted on Google Sites. "sites.google.com is a legacy product from before Google got serious about security; it allows users to host content on a google.com subdomain, and crucially it supports arbitrary scripts and embeds," Johnson said. "Obviously this makes…Read More