
douglas9

(4,737 posts)
Mon Apr 21, 2025, 12:25 PM

Phishers abuse Google OAuth to spoof Google in DKIM replay attack

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins.

The attacker leveraged Google’s infrastructure to trick recipients into accessing a legitimate-looking “support portal” that asks for Google account credentials.

The fraudulent message appeared to come from “no-reply@google.com” and passed the DomainKeys Identified Mail (DKIM) authentication method, but the real sender was different.

Fake email with Google's DKIM stamp

Nick Johnson, the lead developer of the Ethereum Name Service (ENS), received a security alert that seemed to be from Google, informing him of a subpoena from a law enforcement authority asking for his Google Account content.

Almost everything looked legitimate, and Google even placed it with other legitimate security alerts, which would likely trick less technical users who don’t know where to look for the signs of fraud.



https://www.bleepingcomputer.com/news/security/phishers-abuse-google-oauth-to-spoof-google-in-dkim-replay-attack/
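As an added example (not code from the article or from this post): a header-level check a mail admin could run to surface the pattern the article describes, where the DKIM verdict and the From: header both say google.com but the envelope sender and the first relay belong to someone else. The sample message, hostnames, IPs and addresses are constructed placeholders, and the check assumes the receiving MTA has already written its DKIM verdict into Authentication-Results.

```python
"""Flag DKIM-replay candidates: the DKIM signature verifies for the From:
domain, but the envelope sender and relay path belong to someone else."""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (not the real phishing mail): a google.com-signed alert
# re-sent through an unrelated mailbox; hostnames/IPs are placeholders.
SAMPLE = """\
Return-Path: <attacker@mailer.example.net>
Received: from mail.example.net (mail.example.net [203.0.113.10])
    by mx.victim.example with ESMTPS; Mon, 21 Apr 2025 10:00:00 +0000
Authentication-Results: mx.victim.example;
    dkim=pass header.d=google.com; spf=pass smtp.mailfrom=mailer.example.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
    s=20230601; h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZXNpZw==
From: Google <no-reply@google.com>
To: victim@victim.example
Subject: Security alert

A subpoena was served on your account. Review it at the support portal.
"""

def _domain(addr_header):
    """Lowercase domain of a header such as 'Google <no-reply@google.com>'."""
    return parseaddr(addr_header)[1].rsplit("@", 1)[-1].lower()

def dkim_replay_indicators(raw):
    """Alignment facts plus a replay verdict for one raw RFC 5322 message.
    Assumes the receiving MTA already recorded its DKIM verdict in
    Authentication-Results; no signature is re-verified here."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = _domain(str(msg["From"]))
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", str(msg.get("DKIM-Signature", "")))
    dkim_dom = m.group(1).lower() if m else ""
    dkim_pass = re.search(r"\bdkim=pass\b",
                          str(msg.get("Authentication-Results", ""))) is not None
    rp_dom = _domain(str(msg.get("Return-Path", "")))
    relays = [h for r in msg.get_all("Received", [])
              for h in re.findall(r"\bfrom\s+([\w.-]+)", str(r))]
    in_dom = lambda h: h == from_dom or h.endswith("." + from_dom)
    # Header-level DKIM alignment is exactly what a replayed message preserves...
    aligned = dkim_pass and dkim_dom == from_dom
    # ...while the envelope sender and the first relay are not covered by the signature.
    foreign_env = bool(rp_dom) and not in_dom(rp_dom)
    foreign_relay = bool(relays) and not any(in_dom(h) for h in relays)
    return {"from_domain": from_dom, "dkim_domain": dkim_dom, "dkim_pass": dkim_pass,
            "return_path_domain": rp_dom, "relays": relays, "dkim_aligned": aligned,
            "replay_suspected": aligned and (foreign_env or foreign_relay)}

if __name__ == "__main__":
    print(dkim_replay_indicators(SAMPLE))
```

A hit here is only a triage signal: forwarded mail and third-party bulk senders also produce a foreign envelope, so the verdict belongs in a rule that also weighs the message content and link targets.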


usonian

(17,290 posts)
1. Everyone, please do not click on links in emails or messages.
Mon Apr 21, 2025, 12:50 PM

Just go to the site you are concerned with, type in its well-known name (google.com, your bank's site, or your business site), and ask questions or do your business that way.

Links in emails and senders' email addresses are often fake but most people don't know how to spot a fake one.

Just observe the "no click" rule.

Be safe, not sorry.


