Google Responds to Report of Sophisticated Gmail Phishing Attack

The company said it rolled out a fix, adding that users should adopt two-factor authentication and passkeys.
Google says on its website that Gmail users should be wary of emails with "urgent requests." Laurie Dieffembacq/Belga Mag/AFP via Getty Images
Jack Phillips

Google on April 22 said it is aware of reports of a phishing scam targeting Gmail account holders and has rolled out a fix.

Earlier this month, a software developer and researcher wrote that he received a security alert email that purported to be from Google that informed him that a “subpoena was served on Google LLC requiring us to produce a copy of your Google Account content,” adding later that the user could look into the details to “submit a protest.”

“Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google’s infrastructure, and given their refusal to fix it, we’re likely to see it a lot more. Here’s the email I got,” the developer, Nick Johnson, wrote in a post on social media platform X.

The email was sent from the “[email protected]” address, and Johnson noted that it is a “valid, signed email” that was “really” sent by the Google company account.

“It passes the DKIM signature check, and Gmail displays it without any warnings—it even puts it in the same conversation as other, legitimate security alerts,” he said.

DKIM is an acronym for DomainKeys Identified Mail, an email authentication protocol in which the sending domain attaches a digital signature to outgoing mail so that a receiving server can verify the message came through that domain's mail system and was not altered in transit, according to Google’s website. A passing DKIM check therefore attests only to who signed the message and that its signed parts are intact; it says nothing about whether the content or the links inside it are safe, which is why a message that is genuinely signed by a Google domain can still be a phishing lure.

The only suggestion that it is a phishing attack, where attackers try to appear as a legitimate entity to dupe a victim into revealing sensitive or personal information, is “that it’s hosted on sites.google.com instead of accounts.google.com,” Johnson wrote in an X thread. The distinction matters because sites.google.com serves Google Sites pages that any Google account holder can publish, so a google.com hostname alone is not evidence that a page belongs to Google. Another sign it’s a phishing attempt, he added, is that the email contained a lot of white space where there shouldn’t have been.
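The two signals the article describes, a DKIM pass that does not prove the links are Google's and a link pointing at user-hosted content under google.com, can be turned into a simple triage check. The script below is an added example for this article and is not code from Google, from Nick Johnson, or from The Epoch Times. It parses a constructed sample message (the signature values are placeholders and the URLs are invented), reads the DKIM verdict from the Authentication-Results header a receiving mail server adds, checks whether the DKIM signing domain matches the From domain, and then flags links whose host is in a hypothetical list of google.com hosts that serve user-authored content. It also measures the longest run of blank lines in the body as a crude proxy for the padding Johnson noticed; the threshold is arbitrary. It does not verify the signature cryptographically, since that requires fetching the signer's public key from DNS.

```python
"""Triage a raw email: what a DKIM pass attests to versus where its links go.

Added example for this article; not Google's or Nick Johnson's code. The
message, URLs, host list and threshold below are constructed for illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical list of google.com hosts that serve user-authored content.
USER_CONTENT_HOSTS = {"sites.google.com", "docs.google.com", "drive.google.com"}
BLANK_RUN_THRESHOLD = 8  # arbitrary cut-off for "a lot of white space"

# Constructed sample modelled on the article's description. The DKIM bh= and b=
# values are placeholders; the Authentication-Results line stands in for the
# verdict a receiving server would add after checking the signature via DNS.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=accounts.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
 s=20230601; h=from:to:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER=
From: Google <no-reply@accounts.google.com>
To: victim@example.net
Subject: Security alert
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A subpoena was served on Google LLC requiring us to produce a copy of your
Google Account content. <a href="https://sites.google.com/u/0/d/CONSTRUCTED/edit">Submit a protest</a></p>
""" + "\n" * 12 + """\
<p><a href="https://accounts.google.com/">Google Account</a></p>
</body></html>
"""


def dkim_tags(msg):
    """Parse the tag=value list of the DKIM-Signature header (RFC 6376)."""
    raw = msg.get("DKIM-Signature")
    if raw is None:
        return {}
    raw = re.sub(r"\s+", "", str(raw))  # folding whitespace is allowed anywhere
    tags = {}
    for item in raw.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key] = value
    return tags


def body_text(msg):
    """Decode every text/* part; the HTML part is where the links live."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def links(html):
    """Extract href targets; a regex is enough for triage, not for rendering."""
    return re.findall(r"""href=["']([^"']+)["']""", html, flags=re.I)


def longest_blank_run(text):
    """Longest run of consecutive whitespace-only lines in the body."""
    run = best = 0
    for line in text.splitlines():
        run = run + 1 if not line.strip() else 0
        best = max(best, run)
    return best


def triage(raw):
    """Return the DKIM verdict and domain, alignment, and the link/padding signals."""
    msg = email.message_from_string(raw, policy=policy.default)
    dkim_domain = dkim_tags(msg).get("d", "").lower()
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    verdict = re.search(r"dkim=(\w+)", str(msg.get("Authentication-Results", "")))
    text = body_text(msg)
    urls = links(text)
    user_content = [u for u in urls if (urlparse(u).hostname or "").lower() in USER_CONTENT_HOSTS]
    blank_run = longest_blank_run(text)
    return {
        "dkim_verdict": verdict.group(1) if verdict else "none",
        "dkim_domain": dkim_domain,
        "from_domain": from_domain,
        "aligned": bool(dkim_domain) and dkim_domain == from_domain,  # passes here
        "links": urls,
        "user_content_links": user_content,  # the sites.google.com link is flagged
        "blank_run": blank_run,
        "padded": blank_run >= BLANK_RUN_THRESHOLD,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the constructed sample every authentication field looks clean: DKIM passes and the signing domain equals the From domain, exactly the situation Johnson described. The only findings come from the checks DKIM does not cover, the user-content link host and the block of blank lines, which is where a mail-filter rule or an analyst's attention should go.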

A spokesperson for Google told The Epoch Times on Tuesday that the company has “rolled out fixes to stop this abuse pathway,” responding to questions about Johnson’s claims.

“We’ve shut down the mechanism that attackers are using to insert arbitrary length text, which will prevent this method of attack from working,” the company said.

“We’re aware of this class of targeted attack from this threat actor, and have rolled out protections to shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns,” a separate company spokesperson said in a statement.

Google also won’t “ask for any of your account credentials—including your password, one-time passwords, confirm push notifications, etc.—and Google will not call you,” the spokesperson added.

Google says on its website that Gmail users should be wary of emails with “urgent requests” and advised people not to engage with strangers or individuals who seek sensitive information, including bank account details, credit card numbers, or addresses.

A separate Google page about its privacy policy and terms says that when the company receives a request from a government entity for user data, it will send an email to the user account before it discloses that information.

“We won’t give notice when legally prohibited under the terms of the request. We’ll provide notice after a legal prohibition is lifted, such as when a statutory or court-ordered gag period has expired,” the company says, adding it may “not give notice in the case of emergencies, such as threats to a child’s safety or threats to someone’s life, in which case we’ll provide notice if we learn that the emergency has passed.”

Jack Phillips
Breaking News Reporter
Jack Phillips is a breaking news reporter who covers a range of topics, including politics, U.S., and health news. A father of two, Jack grew up in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5