Phishing scams aimed at crypto users have become more advanced, with attackers abusing Google's own infrastructure to carry out very convincing attacks.
On April 16, Nick Johnson, the founder and lead developer of Ethereum Name Service (ENS), raised concern about a new method cyber criminals use to compromise Gmail accounts, potentially targeting the crypto wallets linked to them.
How the phishing attackers turn Google's platform to their advantage
According to Johnson, the attackers exploit a loophole in the Google ecosystem that lets them send phishing e-mails that look like genuine security alerts from the technology giant itself.
These e-mails carry valid DomainKeys Identified Mail (DKIM) signatures, so they pass spam filters and appear authentic to recipients.
Once opened, the e-mails direct users to a fake support portal hosted on a Google subdomain. This fake page asks victims to log in and upload sensitive documents.
Johnson warned that the attackers are likely harvesting login credentials, which could compromise the Gmail accounts and any services linked to those e-mail addresses.
The phishing sites were built with the Google Sites platform, which allows custom scripts and embedded content.
Although this flexibility benefits legitimate users, it also lets malicious actors create convincing phishing portals. Even more worrying, there is currently no way to report abuse directly through the Google Sites interface, which makes it easier for attackers to keep their content online.
He said:
“Google realized a long time ago that hosting public, user-specified content on Google.com is a bad idea, but Google Sites remained. IMO they need to eliminate scripts and random inclusions on Sites; this is too powerful a phishing vector.”
To further bolster the illusion of legitimacy, the scammers create a Google OAuth application that produces and distributes the phishing message. These messages are always complete with structured text and contact details that appear to belong to Google's legal support.
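The defensive lesson of the technique described above is that a valid DKIM signature vouches for the message's origin, not for where its link leads. The following added example is not from the article or from Johnson; it is a small triage script that parses a raw e-mail, reads the DKIM signing domain (the d= tag) and flags Google-branded alerts whose call-to-action points at a host where any user can publish content (sites.google.com) rather than at an account or support host. The two messages, the allow-list of expected hosts and the header values are all constructed for this example; real Google headers and URLs differ.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample, not a real capture: google.com DKIM signature and Google
# branding, but the call-to-action leads to a user-hosted Google Sites page.
SUSPICIOUS_EMAIL = """\
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; h=from:to:subject; bh=AAAA; b=BBBB
Content-Type: text/plain; charset="utf-8"

A subpoena was served on Google LLC requiring a copy of your account content.
Review the case materials: https://sites.google.com/u/0/d/EXAMPLE/p/EXAMPLE/edit
"""

# Constructed benign counterpart: same signer, link goes to an account-management host.
BENIGN_EMAIL = """\
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; h=from:to:subject; bh=CCCC; b=DDDD
Content-Type: text/plain; charset="utf-8"

A new sign-in was detected. Review activity: https://myaccount.google.com/notifications
"""

# Assumed allow-list: hosts a genuine account/security workflow would link to.
EXPECTED_GOOGLE_HOSTS = {"accounts.google.com", "myaccount.google.com", "support.google.com"}
# Google-owned hosts on which any user can publish arbitrary pages.
USER_CONTENT_HOSTS = {"sites.google.com"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+")


def dkim_signing_domain(msg):
    """Return the d= tag of the first DKIM-Signature header (lower-cased), or None."""
    sig = msg.get("DKIM-Signature")
    if not sig:
        return None
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", str(sig))
    return m.group(1).lower() if m else None


def extract_links(msg):
    """Collect http(s) URLs from the preferred text body."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return URL_RE.findall(body.get_content()) if body else []


def assess(raw):
    """Triage a raw RFC 5322 message: returns signer, links, findings and a flag."""
    msg = email.message_from_string(raw, policy=policy.default)
    signer = dkim_signing_domain(msg)
    from_addr = email.utils.parseaddr(msg.get("From", ""))[1]
    from_domain = from_addr.rpartition("@")[2].lower()
    links = extract_links(msg)
    hosts = [(urlparse(u).hostname or "").lower() for u in links]
    findings = []
    # 1. Any link into a host where third parties can publish content.
    for host in hosts:
        if host in USER_CONTENT_HOSTS:
            findings.append(f"call-to-action points at user-publishable host {host}")
    # 2. Google-branded alert that never links to an account or support host.
    google_branded = from_domain.endswith("google.com") or (signer or "").endswith("google.com")
    if google_branded and links and not any(h in EXPECTED_GOOGLE_HOSTS for h in hosts):
        findings.append("Google-signed/branded alert with no link to an account or support host")
    # 3. Record explicitly that the signature does not vouch for the linked page.
    if signer and findings:
        findings.append(f"DKIM d={signer} authenticates the sender, not the linked page")
    return {"signer": signer, "from_domain": from_domain, "links": links,
            "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, assess(raw))
```

The script deliberately does not verify the DKIM signature itself; the point of the incident is that the signature is genuine, so the useful signal for a mail filter or SOC playbook is the mismatch between a Google-authenticated sender and a link into user-publishable Google content.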
Google's response
Johnson reported that he submitted a bug report to Google about the vulnerability.
However, the search engine giant reportedly stated that the features work as intended and do not constitute a security problem.
Johnson wrote:
“I submitted a bug report to Google about this; unfortunately they closed it as ‘works as intended’ and explained that they do not consider it a security bug.”
Nevertheless, he urged Google to consider restricting the script and embed functionality to prevent future abuse.
This incident underscores the growing sophistication of phishing campaigns in the crypto space. According to Scam Sniffer, nearly 6,000 users lost around $6.37 million to phishing scams in March 2025 alone. In the first quarter of the year, 22,654 victims suffered total losses of $21.94 million.