ENS Founder Flags “Highly Sophisticated” Google-Based Phishing Scam
A new phishing campaign is alarming cybersecurity experts because it exploits Google’s trusted infrastructure.
A new phishing campaign is alarming cybersecurity experts because it exploits Google’s trusted infrastructure.
Nick Johnson, founder of Ethereum Name Service (ENS), alerted users on X about the scam, which successfully bypasses standard email security measures. The attackers have created deceptive emails that resemble genuine Google alerts, even passing authentication checks like DKIM. These fraudulent messages claim that a recipient’s data is under subpoena by law enforcement, making it difficult for users to distinguish them from real security notices.
Victims are lured into clicking a link to “view case materials or protest,” which redirects them to a Google Sites page — a platform often used for building web pages on Google subdomains. This tactic leverages the appearance of authenticity by using Google’s branding and domain to gain user trust. Johnson believes the goal is to steal login credentials, though he refrained from proceeding further into the trap.
According to a recent April 11 report by cybersecurity firm EasyDMARC, the phishing method hinges on the misuse of Google’s services, including Google Sites and OAuth applications. Attackers can freely assign deceptive names to these apps and use a third-party service like Namecheap to send emails with misleading addresses, such as “ [email protected] ,” while setting an arbitrary reply-to email.
The malicious email appears authentic because DKIM validates the message content and headers, but does not validate the actual envelope sender. This allows the phishing email to slip past Gmail’s security layers and into a user’s inbox, even nesting within genuine Google alert threads.
Security experts urge users to remain vigilant, inspect sender details thoroughly, and avoid clicking links from suspicious alerts, regardless of how legitimate they appear.
The incident emerged just as North Korean-linked fraudulent tech workers reportedly expanded their infiltration efforts beyond the United States. According to a separate April 2 report by Google’s Threat Intelligence Group (GTIG), these operatives began targeting blockchain firms in the United Kingdom and Europe.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter , LinkedIn , Facebook , Instagram , and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Experts Anticipate a Surge for SUI Cryptocurrency Based on Positive Indicators
In Brief SUI cryptocurrency shows optimism through positive technical indicators. Experts believe SUI is poised for a potential upward movement. Institutional predictions suggest significant price levels could be reached for SUI.
Massive OM Token Burn Sparks Investor Debate and Market Tension
In Brief Mullin announced a significant burn of 300 million OM tokens to reduce supply. Investor confidence is shaken as whale movements raise concerns about potential sell-offs. Market sentiment remains crucial as analysts call for additional measures for recovery.
Who is Patrice Evra, French football legend, set to speak at Token 2049 Dubai?
Elon Musk Takes Dig at Crypto Scammers Posing as “Hot Girls”
Trending news
MoreCrypto prices
More
