New e-mail trick targets Google users

<p>Researchers have uncovered a clever phishing scam that uses Google’s tools to fool people into giving away their Google account passwords&period; Nick Johnson&comma; a developer from the Ethereum Name Service&comma; recently received an email that seemed to come from no-reply&commat;google&period;com&period; The message said that police had requested access to his Google account&comma; making it sound profound and urgent&period;<&sol;p>&NewLine;<p><img class&equals;"alignnone size-full wp-image-4335" src&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2021&sol;09&sol;hacker-6512174&lowbar;640&period;jpg" alt&equals;"" width&equals;"640" height&equals;"400" &sol;><&sol;p>&NewLine;<p>At first glance&comma; the email looked completely real&period; Johnson said it was very convincing and warned that someone who isn’t deeply familiar with tech could easily fall for it&period;<&sol;p>&NewLine;<p>Scammers created a fake Google account using a custom email address like <strong>me&commat;domain<&sol;strong>&period; Then&comma; they used one of Google’s tools to create a special app&period; Instead of giving it a normal name&comma; they filled it with a fake legal message about the police subpoena&period;<&sol;p>&NewLine;<p>When they set up this app&comma; Google automatically sent a confirmation email to the new address&period; Since the scam message was used as the app’s name&comma; that message showed up front and center in the email&period; Because Google itself generated the message&comma; it looked completely official&period; It even passed all of Google’s security checks&comma; so it didn’t end up in the spam folder&period; After receiving that email&comma; the scammers forwarded it to their target&period;<&sol;p>&NewLine;<p>Everything about the email looked legit&period; But if someone had scrolled to the bottom&comma; they might have noticed it was meant for a different email address&comma; not theirs&comma; a small detail that could give away the trick&period; This type of scam works because Google checks that the email content is real&comma; but it doesn’t always catch when the message is forwarded to someone else&period; The scammers are using that little loophole to their advantage&period;<&sol;p>&NewLine;<p>To make things even worse&comma; they also created a fake Google login page using Google Sites&comma; a tool anyone can use to build a simple website&period; Because Google hosts it&comma; the web address looks trustworthy&period; But anyone who types in their email and password on that page is handing it straight to the scammers&period;<&sol;p>&NewLine;