Google user highlights 'extremely sophisticated' phishing attack
Google user Nick Johnson, an Ethereum developer, took to X to highlight an "extremely sophisticated" phishing attack, which has resulted in the company reiterating that users should adopt two-factor authentication and passkeys to avoid such scams.
Google has reiterated that users should adopt two-factor authentication and passkeys to avoid phishing attacks after a cryptocurrency platform developer was targeted by an "extremely sophisticated" scam.
Nick Johnson, an Ethereum developer, took to X to highlight the phishing attack.
He wrote: "Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here.
"It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got:"
Nick shared a screenshot of the email, which claimed a "subpoena" had been "served on Google LLC", and it alleged he was required to produce a copy of his Google Account content.
He wrote: "The only hint it's a phish is that it's hosted on sites.google.com instead of accounts.google.com."
Nick also admitted a link had taken him to a very convincing" support portal page, and he added: "From there, presumably, they harvest your login credentials and use them to compromise your account; I haven't gone further to check."
Fortunately, Google did recognise the issue.
Afterwards, Nick wrote: "Outstanding news: Google has reconsidered and will be fixing the oauth bug!"
A Google spokesperson said in a statement to DailyMail.com: "We're aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse.
"In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns."
