Security Bulletin
April 29th, 2025
Who:
A sophisticated phishing campaign has been identified that targets Gmail users by impersonating official Google account notifications.
What:
Attackers are sending emails that appear to originate from no-reply@accounts.google.com, the address Google uses for genuine account notifications. The messages claim that Google has received a subpoena concerning the recipient's account and direct the user to click a link to a fraudulent "support portal" hosted on sites.google.com. Because sites.google.com serves user-created pages, anyone with a Google account can publish content there under a google.com hostname; the portal mimics Google's sign-in pages in order to harvest the user's credentials.
[Image: example phishing email. Note that the From address is a legitimate Google address.]
Impact:
The phishing emails pass Gmail's authentication checks, including DKIM signature verification, so they appear authentic and are not caught by spam filters. A valid DKIM signature only proves that the signed headers and body were signed with the owning domain's key; it does not prove that the party delivering the message is Google, and a genuinely signed message that is relayed unchanged still verifies. Users who enter their credentials on the fake portal risk full account compromise, including unauthorized access to email, contacts, and sensitive personal information. Google is aware of this campaign and is actively rolling out protections to mitigate it.
Recommendations:
Users are advised to enable multi-factor authentication, preferably a passkey or hardware security key, since those cannot be captured by a look-alike sign-in page, and to remain vigilant for unexpected emails requesting sensitive information, even when they come from a legitimate Google address. Check where a link actually leads before clicking: genuine Google account actions take place on accounts.google.com or myaccount.google.com, never on a sites.google.com page. If a user suspects an email is phishing, report it as phishing in Gmail and notify IT/Security staff. DO NOT click any links contained in the email if it is at all suspicious.
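For IT/Security staff triaging reports, the following is an added example (not Google tooling and not part of the original bulletin) of content-based checks that catch this lure even though DKIM passes: it parses a raw message, records whether Authentication-Results shows dkim=pass without treating that as clearance, and flags links to user-hosted Google properties such as sites.google.com, links to non-Google hosts, a Reply-To domain that differs from the From domain, and the subpoena wording. The host lists, lure words, and both sample messages are constructed assumptions for the demonstration.

```python
"""Triage Google-branded emails whose links lead somewhere Google would not send you.

Added example for this bulletin; not Google's own tooling. The host lists, lure
words and sample messages below are assumptions constructed for the demo.
"""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from urllib.parse import urlparse

# Google-owned hosts a genuine account notice may link to (assumed list).
TRUSTED_LINK_HOSTS = {"accounts.google.com", "myaccount.google.com", "support.google.com"}
# Google-owned hosts that serve arbitrary user-created content. A "support portal"
# on one of these is not Google's; sites.google.com is the host in this campaign.
USER_CONTENT_HOSTS = {"sites.google.com", "docs.google.com", "drive.google.com", "forms.google.com"}
# Lure wording named in the bulletin; a weak signal on its own.
LURE_WORDS = ("subpoena", "law enforcement", "legal request")

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def message_text(msg: Message) -> str:
    """Concatenate the decoded text/plain and text/html bodies of every MIME part."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(chunks)


def extract_links(text: str) -> list[str]:
    """Return the unique http(s) URLs found in the message text, sorted."""
    return sorted(set(URL_RE.findall(text)))


def domain_of(header_value: str) -> str:
    """Lower-cased domain part of the address in a From/Reply-To header ('' if none)."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def triage(raw_message: str) -> dict:
    """Flag phishing indicators in one raw RFC 5322 message.

    dkim_pass is reported for context only; a passing signature never removes a finding,
    because a genuine Google-signed message can be relayed unchanged to a victim.
    """
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg.get("Reply-To", ""))
    dkim_pass = "dkim=pass" in msg.get("Authentication-Results", "").lower()
    text = message_text(msg)
    links = extract_links(text)
    findings = []

    for url in links:
        host = (urlparse(url).hostname or "").lower()
        if host in USER_CONTENT_HOSTS:
            findings.append(f"link to user-hosted Google page: {url}")
        elif host not in TRUSTED_LINK_HOSTS and host != "google.com" and not host.endswith(".google.com"):
            findings.append(f"link to non-Google host: {url}")

    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    searchable = (msg.get("Subject", "") + "\n" + text).lower()
    hits = [w for w in LURE_WORDS if w in searchable]
    if hits:
        findings.append("lure wording: " + ", ".join(hits))

    return {
        "from_domain": from_domain,
        "dkim_pass": dkim_pass,
        "links": links,
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample resembling the campaign; the portal path is invented.
PHISHING_SAMPLE = """\
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Reply-To: legal-desk@example.net
Subject: Security alert: subpoena received for your Google Account
Authentication-Results: mx.google.com; dkim=pass header.i=@accounts.google.com
Content-Type: text/plain; charset="utf-8"

Google has received a subpoena requesting a copy of the data in your account.
Review the case material or object here: https://sites.google.com/view/example-support-portal
"""

# Constructed benign notice for comparison.
BENIGN_SAMPLE = """\
From: Google <no-reply@accounts.google.com>
To: user@example.com
Subject: Security alert
Authentication-Results: mx.google.com; dkim=pass header.i=@accounts.google.com
Content-Type: text/plain; charset="utf-8"

A new sign-in on Windows was detected. Check activity: https://myaccount.google.com/notifications
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = triage(sample)
        print(f"{name}: dkim_pass={result['dkim_pass']} suspicious={result['suspicious']}")
        for finding in result["findings"]:
            print("  -", finding)
```

Both samples carry dkim=pass and the same From address; only the link destination, Reply-To and wording separate them, which is the point: authentication results tell you who signed the message, not where its links go.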