Close Menu
AsiaTokenFundAsiaTokenFund
  • Home
  • Crypto News
    • Bitcoin
    • Altcoin
  • Web3
    • Blockchain
  • Trading
  • Regulations
    • Scams
  • Submit Article
  • Contact Us
  • Terms of Use
    • Privacy Policy
    • DMCA
What's Hot

Avalanche (AVAX) Price Analysis and Short-term Forecast

May 30, 2025

Ethereum Tests Key Weekly Resistance – Analyst Sets $4K Target If ETH Breaks Out

May 30, 2025

U.S. SEC Dismisses Lawsuit Against Binance: Will BNB Price Regain Bullish Momentum

May 29, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) YouTube LinkedIn
AsiaTokenFundAsiaTokenFund
ATF Capital
  • Home
  • Crypto News
    • Bitcoin
    • Altcoin
  • Web3
    • Blockchain
  • Trading
  • Regulations
    • Scams
  • Submit Article
  • Contact Us
  • Terms of Use
    • Privacy Policy
    • DMCA
AsiaTokenFundAsiaTokenFund

Phishing scammers now exploiting Google’s infrastructure to target crypto users

0
By Aggregated - see source on April 16, 2025 Scams
Share
Facebook Twitter LinkedIn Pinterest Email

Phishing scams targeting crypto users have become more advanced, with attackers abusing Google’s infrastructure to conduct highly convincing attacks.

On April 16, Nick Johnson, the founder and lead developer of Ethereum Name Service (ENS), raised concerns over a fresh method cybercriminals use to compromise Gmail accounts and potentially target associated crypto wallets.

How phishing attackers are using Google to their advantage

According to Johnson, the attackers exploit a loophole in Google’s ecosystem that allows them to send phishing emails that appear genuine security alerts from the tech giant itself.

These emails are signed with valid DomainKeys Identified Mail (DKIM) signatures, enabling them to bypass spam filters and appear authentic to recipients.

Once opened, these emails direct users to a counterfeit support portal hosted on a Google subdomain. This fake page prompts victims to log in and upload sensitive documents.

However, Johnson warned that the attackers are likely harvesting credentials, which could compromise Gmail accounts and any services linked to those emails.

The phishing sites are built using Google’s Sites platform, which allows custom scripts and embedded content.

While this flexibility benefits legitimate users, it also allows malicious actors to create convincing phishing portals. Even more concerning is that there’s currently no way to report abuse directly through the Google Sites interface, making it easier for attackers to keep their content online.

He said:

“Google long ago realised that hosting public, user-specified content on google.com is a bad idea, but Google Sites has stuck around. IMO they need to disable scrips and arbitrary embeds in Sites; this is too powerful a phishing vector.”

To further enhance the illusion of legitimacy, the scammers create a Google OAuth application that formats and shares the phishing message. These messages are always complete with structured text and what appears to be contact information for Google Legal Support.

Google’s response

Johnson reported that he submitted a bug report to Google about this vulnerability.

Still, the search engine giant reportedly stated that the features work as intended and do not constitute a security issue.

Johnson wrote:

“I’ve submitted a bug report to Google about this; unfortunately they closed it as ‘Working as Intended’ and explained that they don’t consider it a security bug.”

Nevertheless, he urged Google to consider limiting script and embedding functionality to help prevent future abuse.

This incident highlights the increasing sophistication of phishing campaigns within the crypto space. According to Scam Sniffer, nearly 6,000 users lost around $6.37 million to phishing scams in March 2025 alone. In the first quarter of the year, 22,654 victims suffered total losses of $21.94 million.

Mentioned in this article
Latest Alpha Market Report



Credit: Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Trader loses $2.5M USDT after falling for address poisoning scam twice

May 26, 2025

Creator of over 100 memecoins says rug pulls are the ‘easiest way to make money’

May 18, 2025

Jan 2024 SEC’s X account hacker got 14 months in prison for cyber fraud

May 18, 2025
Leave A Reply Cancel Reply

What's New Here!

Avalanche (AVAX) Price Analysis and Short-term Forecast

May 30, 2025

Ethereum Tests Key Weekly Resistance – Analyst Sets $4K Target If ETH Breaks Out

May 30, 2025

U.S. SEC Dismisses Lawsuit Against Binance: Will BNB Price Regain Bullish Momentum

May 29, 2025

How Hacking Paris is Innovating Sports Fandom with Blockchain

May 29, 2025
AsiaTokenFund
Facebook X (Twitter) LinkedIn YouTube
  • Home
  • Crypto News
    • Bitcoin
    • Altcoin
  • Web3
    • Blockchain
  • Trading
  • Regulations
    • Scams
  • Submit Article
  • Contact Us
  • Terms of Use
    • Privacy Policy
    • DMCA
© 2025 asiatokenfund.com - All Rights Reserved!

Type above and press Enter to search. Press Esc to cancel.

Ad Blocker Enabled!
Ad Blocker Enabled!
Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.