Technology expert warns of Gmail’s new ‘extremely sophisticated’ fraud that claims to be from ‘law enforcement’

It is a digital wolf in sheep's clothing.

Phishing messages are becoming almost indistinguishable from the real deal. Technology experts are warning of a super-sophisticated Google spoofing scheme in which cybercriminals use legitimate Gmail communications to grab user accounts.

Nick Johnson, the lead developer of Ethereum Name Service (ENS), brought this digital Trojan horse to light in a series of posts on X.

“Recently I was targeted by an extremely sophisticated phishing attack, and I want to emphasize it here,” he wrote, describing the chameleonic scheme. “It uses a weakness in Google’s infrastructure, and given their refusal to fix it, we are likely to see it much more.”

In this case, the phishing fraud was disguised as an official request from law enforcement.

“This announcement is to warn you that a leaflet was issued to Google LLC from a law enforcement that requires receipt of information included in your Google account,” the message read. “To examine the materials of the case or to take measures to submit a protest, please do so on the Google support issue.”

After clicking “Upload Additional Documents” or “See the issue”, the user is taken to a sign-in page to enter their credentials, which the bad actors then use to commandeer the account.

“I haven’t gone further to check,” Johnson noted.

The correspondence was particularly deceptive because it linked to a very convincing ‘support portal’ page.

The cyberspoofers also used Google's free web-based platform for creating websites without the need for coding skills, because “they know that people will see that the domain is http://google.com and assume it is legitimate,” Johnson said.

To make things more confusing, the email originated from an official no-reply address in the Google domain and appeared “in the same conversation as other legal security announcements,” the tech whiz warned.

How did the hackers fly under the radar? Johnson pointed to “two weaknesses in Google’s [infrastructure] that they have refused to fix.”

He wrote that the legacy pages.google.com product dates to “before Google took security seriously,” and allows anyone to host content on a google.com subdomain, including embeds and bad scripts such as the above.

“Of course, this makes the construction of a credential harvesting site trivial; they simply have to be prepared to upload new versions as the old ones are taken down by the Google abuse team,” Johnson said.

Fortunately, there are several giveaways to this masquerade.

For one, while the header is signed by accounts.google.com, the message is sent via Privatemail.com and addressed to “with@blah”, wrote the internet maven.

Also suspicious, according to Johnson, is that there is “a lot of white space” under the phishing message, “followed by ‘Google Legal Support was given access to your Google account’” and, again, the odd email address with@….
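The header giveaways described above can be checked mechanically. The following Python code is an added example, not code from Johnson or Google; it assumes that “signed by” corresponds to the `d=` tag of the DKIM-Signature header and “sent via” to the Return-Path domain, and the sample message, the `victim@example.org` mailbox and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample modelled on the article's description; every value is illustrative.
SAMPLE = """\
Return-Path: <bounce@privatemail.com>
DKIM-Signature: v=1; a=rsa-sha256; d=accounts.google.com; s=sel;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Google <no-reply@accounts.google.com>
To: with@blah.example
Subject: Security alert

(body omitted)
"""

def org_domain(domain):
    # Crude stand-in for a Public Suffix List lookup (assumption): keep the last two labels.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    # Domain part of the first address in a header value, or "" if none.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def dkim_domains(msg):
    # Collect the d= tag of every DKIM-Signature header ("signed by").
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d=([^;\s]+)", value)
        if m:
            found.append(m.group(1).lower())
    return found

def giveaways(raw, mailbox):
    """Return the header mismatches present in raw for the given mailbox owner."""
    msg = message_from_string(raw)
    hits = []
    relay = addr_domain(msg.get("Return-Path"))  # "sent via"
    signers = dkim_domains(msg)
    if relay and signers and all(org_domain(d) != org_domain(relay) for d in signers):
        hits.append("signed-by and sent-via domains differ")
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if mailbox.lower() not in rcpts:
        hits.append("mailbox owner is not a listed recipient")
    return hits

if __name__ == "__main__":
    for hit in giveaways(SAMPLE, "victim@example.org"):
        print("suspicious:", hit)
```

Either signal alone also occurs in legitimate forwarded or bulk mail; it is the combination on a message presenting itself as an account notice that warrants a closer look.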

In light of the incident, Johnson is calling on Google to disable arbitrary scripts and embeds on the pages to make Gmail less susceptible to phishing.

The Post contacted Google for comment.

Image Source : nypost.com
