Recent messages from Nick Johnson, lead developer of the Ethereum Name Service, highlight a new phishing technique leveraging vulnerabilities in Google’s infrastructure.
How Scammers Exploit Google Alerts
Scammers send fraudulent emails to users claiming that a subpoena has been served on Google to obtain information from their account. These messages appear highly legitimate, encouraging users to contest the subpoena or review case materials.
Fake Google Support Pages
According to Johnson, scammers create fake support pages using sites.google.com. This legacy product allows users to host content on Google's subdomain, making it an ideal platform for credential harvesting sites. He argued that Google should disable scripting and arbitrary embeds on Google Sites to prevent further exploitation of this vulnerability.
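A mail-triage check for the pattern described above, as an added example that is not from Johnson or from Google: it flags a message that combines the subpoena or support lure with a link whose host is exactly sites.google.com. The keyword list, the sample message and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Hosts where anyone can publish pages under a Google-owned domain.
# Only sites.google.com is named in the article; extend the set as needed.
USER_CONTENT_HOSTS = {"sites.google.com"}
# Constructed keyword list reflecting the lure the article describes.
LURE_TERMS = ("subpoena", "google support", "case materials", "google account")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample message (not a real phishing email).
SAMPLE = """From: Google <no-reply@example.invalid>
Subject: Security alert: subpoena served

A subpoena was served on Google requiring a copy of your Google Account content.
To review the case materials or contest it, visit
https://sites.google.com/view/constructed-example/support
"""


def extract_hosts(text):
    """Return (url, hostname) pairs; hostname is parsed, not substring-matched."""
    pairs = []
    for url in URL_RE.findall(text):
        # urlsplit drops any userinfo ("user@") and port, so only the real host remains.
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
        pairs.append((url, host))
    return pairs


def triage(raw_email):
    """Flag mail that pairs an official-sounding lure with a user-hosted page."""
    msg = message_from_string(raw_email)
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_maintype() == "text"]
    body = b"\n".join(parts).decode("utf-8", errors="replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    lures = [t for t in LURE_TERMS if t in text]
    hosted = [u for u, h in extract_hosts(body) if h in USER_CONTENT_HOSTS]
    return {"lures": lures, "user_hosted_links": hosted,
            "suspicious": bool(lures and hosted)}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The exact-host comparison is the point: a page on sites.google.com is user-published content, so a Google-owned domain in the link is not evidence that Google wrote the page.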
Bug Report to Google
Johnson also pointed out that the scammers exploit a bug in Gmail to generate the fraudulent security alert emails. He submitted a bug report to Google, but the security team closed it, stating that the feature worked 'as intended', which indicates the company's unwillingness to acknowledge the issue.
This situation emphasizes the importance of security for cryptocurrency users, particularly given the prevalence of phishing attacks. Maintaining security practices remains critically important amid growing threats.