A new, highly sophisticated Gmail phishing scam has been making the rounds, and it’s tough to spot, even for experienced users. The scam was first brought to light by software developer Nick Johnson, who became a target of this advanced attack. Unlike traditional phishing emails, which are easy to spot, this scam appears to come directly from Google itself.
In this scam, the email looks like it comes from a legitimate Google source, and even security tools give it a green light. The trick behind it is the use of a “legacy Google product,” which was not as secure in the past. The hackers used this to create a Google subdomain that hosts fake login pages, tricking users into entering their personal information.
When Nick Johnson clicked on the link in the phishing email, he was taken to a sign-in page that looked exactly like Google’s login page, except for one detail: the URL showed "sites.google.com" instead of "accounts.google.com". This subtle difference is what made the scam so hard to detect.
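The only visible tell in this case was the host name, so a useful defensive check is to compare the exact host a link resolves to against the one genuine sign-in host, rather than asking whether the URL merely "contains google.com". The following is an added example (not from the original article) that does this with Python's standard library; the allow-list of one host and the sample links are assumptions constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumption for this example: the only host that may present a Google
# sign-in form is accounts.google.com. Any other host, Google-owned or not,
# is treated as unexpected for a login page.
ALLOWED_LOGIN_HOSTS = {"accounts.google.com"}


def normalize_host(url: str) -> Optional[str]:
    """Return the lowercased host a browser would actually connect to.

    urlsplit().hostname already drops userinfo (the part before '@'),
    the port and IPv6 brackets, and lowercases the result; a trailing
    dot (fully-qualified form) is stripped so it compares equal.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    host = parts.hostname
    if not host:
        return None
    return host.rstrip(".")


def classify_login_url(url: str) -> str:
    """Classify a link that claims to lead to a Google sign-in page."""
    host = normalize_host(url)
    if host is None:
        return "reject: not an http(s) URL"
    if host in ALLOWED_LOGIN_HOSTS:
        return "ok: expected sign-in host"
    # A host under google.com (e.g. sites.google.com) is genuinely Google's,
    # but it is still not where a real sign-in form lives.
    if host == "google.com" or host.endswith(".google.com"):
        return f"warn: Google-owned host {host!r} is not the sign-in host"
    return f"reject: host {host!r} is not Google"


if __name__ == "__main__":
    # Constructed sample links covering the tricks a phishing URL may use.
    samples = [
        "https://accounts.google.com/signin",
        "https://sites.google.com/view/signin",          # the case described above
        "https://accounts.google.com@evil.example/",     # userinfo trick
        "https://accounts.google.com.evil.example/",     # suffix trick
        "https://ACCOUNTS.GOOGLE.COM./x",                # case / trailing dot
    ]
    for link in samples:
        print(f"{link} -> {classify_login_url(link)}")
```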
The attackers also created a fake Google OAuth application to mimic Google’s real security alerts. This led users to believe they were receiving a legitimate security warning, prompting them to give away their login credentials.
Google has acknowledged the scam and confirmed that it is rolling out new protections to block this attack. In the meantime, it is advising users to enable two-factor authentication and use passkeys to protect their accounts.
Stay alert, and remember, if something looks suspicious, it’s always better to verify it directly with the official website before clicking any links.