KARACHI – Gmail users have started falling victim to an advanced phishing attack that evades the security measures of tech giant Google.

A new phishing scam targeting Gmail users has surfaced online, proving to be so sophisticated that it bypasses Google’s security measures. The revelation was made by software developer and crypto enthusiast Nick Johnson, who shared his experience online.

In a thread post, Nick mentioned receiving an email from no-reply@google.com, claiming that a subpoena had been issued for access to his Google account data. At first, the email appeared to be genuine: it passed DomainKeys Identified Mail (DKIM) authentication, appeared within a legitimate thread of real Google security notifications, and even carried the familiar Google branding, making it seem entirely credible.

However, the link contained within the email directed users to a Google Sites page hosted under the subdomain sites.google.com. This page perfectly mirrored Google’s login screen and was designed to trick users into entering their credentials, compromising their accounts.

According to the victim, the phishing attempt exploited a flaw in Google’s infrastructure. In his post on social media, he warned that without a fix, similar attacks could proliferate.

Meanwhile, Google acknowledged the phishing issue, with a spokesperson stating: “We are actively working on rolling out protections to shut down this method of abuse and improve security.”

Despite the company’s efforts, users are urged to take extra precautions to safeguard their accounts. To avoid falling victim to similar attacks, experts recommend enabling two-factor authentication. Double-check email addresses and URLs before clicking on any links, even if they appear legitimate. Stay vigilant when interacting with emails, even from trusted sources.
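
The advice to double-check URLs can be applied mechanically during mail triage. The Python example below is added here and is not code from Nick Johnson or Google; it shows that a DKIM pass says nothing about where a link in the message leads. The sample message is constructed, and the two host lists (sites.google.com as a host where anyone can publish pages, accounts.google.com as the expected sign-in host) are assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: hosts where any user can publish pages under a trusted parent domain.
USER_CONTENT_HOSTS = {"sites.google.com"}
# Assumption: the only host on which a Google sign-in form is expected.
EXPECTED_SIGNIN_HOSTS = {"accounts.google.com"}

# Constructed sample message, not the real email from the incident.
SAMPLE = """\
From: Google <no-reply@google.com>
To: user@example.com
Subject: Security alert
Authentication-Results: mx.example.com; dkim=pass header.d=google.com
Content-Type: text/plain

A subpoena was served. Review the case at
https://sites.google.com/view/constructed-example/case and sign in.
Account settings: https://accounts.google.com/
"""

def dkim_passed(msg):
    """True if any Authentication-Results header reports dkim=pass."""
    results = msg.get_all("Authentication-Results", [])
    return any(re.search(r"\bdkim=pass\b", r, re.I) for r in results)

def classify_links(msg):
    """Map each URL in the text body to 'user-content', 'expected' or 'other'."""
    verdicts = {}
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        # Exact hostname match, so lookalikes with extra labels do not pass.
        host = (urlsplit(url).hostname or "").lower()
        if host in USER_CONTENT_HOSTS:
            verdicts[url] = "user-content"
        elif host in EXPECTED_SIGNIN_HOSTS:
            verdicts[url] = "expected"
        else:
            verdicts[url] = "other"
    return verdicts

def triage(raw):
    """Return (dkim_ok, suspicious_urls); a DKIM pass does not clear the links."""
    msg = message_from_string(raw)
    links = classify_links(msg)
    suspicious = [u for u, v in links.items() if v != "expected"]
    return dkim_passed(msg), suspicious
```

For the constructed sample, `triage(SAMPLE)` reports that DKIM passed and still flags the sites.google.com link for review.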