Gmail users targeted in sophisticated phishing scam using Google infrastructure

A new phishing scam has raised alarms among Gmail users, revealing how even Google’s secure platforms can be exploited by cybercriminals.
The attack came to light when an X (formerly Twitter) user, @nicksdjohnson (nick.eth), shared his experience of falling victim to a cleverly disguised phishing attempt. On April 15, Nick received an email from [email protected], a legitimate-looking and DKIM-authenticated address. The email appeared official and requested a copy of his Google account data.
Upon clicking the provided link, Nick was redirected to what looked like a genuine Google support portal, hosted on sites.google.com, Google’s own web-page hosting service. The portal mimicked Google’s login page and was designed to steal user credentials.
This scam leveraged two key weaknesses:
Phishing page hosted on Google’s own subdomain using Sites, which lends false legitimacy.
Use of a valid, signed sender email address, which passed Google’s authentication checks.
In a concerning twist, the exploit shows how bad actors can use Google’s own tools against unsuspecting users. Google has been notified and is investigating the issue.
Meanwhile, users are urged to:
Never trust links blindly, even if the email appears to be from Google.
Avoid entering credentials on unfamiliar or redirected login pages.
Double-check domain URLs, even those hosted on recognizable platforms.
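The two weaknesses listed above and the advice to check URLs even on recognizable platforms can be turned into a simple mail-triage check. The following Python script is an added example for this article, not code from Google or from the researcher who reported the scam: it parses a constructed raw message, reads the DKIM verdict from the Authentication-Results header, pulls the links out of the body, and flags any link whose host is a user-publishable platform (here only sites.google.com, as named in the article). The sender domain, recipient and link path in the sample are placeholders, not values from the real incident.

```python
"""
Mail-triage check: a DKIM "pass" tells you the message was signed by the
domain it claims, not that its links are safe. This example (constructed for
this article) reports both so an analyst can see a message that authenticates
cleanly yet points at a page anyone could have published.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

# Platforms where any user can publish a page under a trusted-looking domain.
# Constructed watchlist for this example; extend it for your own environment.
USER_CONTENT_HOSTS = {"sites.google.com"}

URL_RE = re.compile(r"""https?://[^\s<>"')]+""")


def dkim_result(msg):
    """Return (status, signing_domain) parsed from Authentication-Results,
    or (None, None) when the header carries no DKIM verdict."""
    hdr = str(msg.get("Authentication-Results", ""))
    m = re.search(r"dkim=(\w+)(?:[^;]*?header\.(?:d|i)=@?([\w.-]+))?", hdr)
    if not m:
        return None, None
    return m.group(1), m.group(2)


def extract_links(msg):
    """Collect http(s) URLs from every text part of the message."""
    links = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            links.extend(URL_RE.findall(part.get_content()))
    return links


def triage(raw):
    """Summarise authentication status and suspicious link destinations."""
    msg = email.message_from_string(raw, policy=policy.default)
    status, domain = dkim_result(msg)
    flagged = [
        u for u in extract_links(msg)
        if (urlparse(u).hostname or "").lower() in USER_CONTENT_HOSTS
    ]
    return {
        "from": str(msg["From"]),
        "dkim": status,
        "dkim_domain": domain,
        "flagged_links": flagged,
    }


# Constructed sample message: DKIM passes, yet the link leads to a
# user-publishable page. All addresses and paths here are placeholders.
SAMPLE = """\
From: Account Support <no-reply@example-sender.invalid>
To: user@example.invalid
Subject: Request for a copy of your account data
Authentication-Results: mx.example.invalid; dkim=pass header.i=@example-sender.invalid; spf=pass smtp.mailfrom=example-sender.invalid
Content-Type: text/plain; charset="utf-8"

We received a request for a copy of your account data.
Review the request here: https://sites.google.com/view/constructed-support-page/home
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"From:          {result['from']}")
    print(f"DKIM:          {result['dkim']} (d={result['dkim_domain']})")
    for link in result["flagged_links"]:
        print(f"FLAGGED LINK:  {link}  (user-publishable host)")
```

Run it on a saved .eml file by passing the file's contents to `triage()`. The point of reporting the DKIM verdict next to the flagged links is that the two are independent: the article's message passed authentication and still led to a credential-harvesting page, so a "pass" must never be the reason a link is trusted.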
This scam follows a recent incident in which a retired Bombay High Court Chief Justice lost nearly ₹50,000 to a similar phishing trick—underscoring the growing sophistication of cyber threats.
Until Google rolls out a fix, user vigilance remains the best defense against such attacks.