Google Phishing Scam Alert: Urgent Subpoena Emails
Recently, attackers have been using a sophisticated phishing tactic to target individuals by sending emails that appear to be from "no-reply@google.com." These emails are designed to look like urgent subpoena alerts related to "law enforcement" seeking information from the recipient's Google Account. According to Bleeping Computer, the scam is utilizing Google's "Sites" web-building app to create realistic-looking phishing websites and emails in an attempt to intimidate victims into providing their login credentials.
How Scammers Bypass Email Authentication
EasyDMARC, an email authentication company, explains that the phishing emails are able to bypass the DomainKeys Identified Mail (DKIM) authentication system, which would typically flag fake emails. This is because the emails are sent using Google's own tool. The scammers input the entire email text as the name of their fake app, which is then automatically filled in when the email is sent from Google to the chosen address.
DKIM Relay Attack
When the email is forwarded from the scammer to a user's Gmail inbox, it appears as a legitimate and valid email since DKIM only checks the message and headers, not the envelope used to deliver it. This tactic is similar to the recent phishing attacks targeting PayPal users. Additionally, the phishing email includes a link to a support portal on sites.google.com, attempting to deceive the recipient into thinking it is a genuine Google site.
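A defender can look for the gap described above: a message whose DKIM signature is valid for the From domain but whose delivery details do not match the signed headers. The following is an added example, not code from EasyDMARC, Google or the original article; the sample message, its domains and the function name `replay_indicators` are constructed for illustration, and it assumes the `Authentication-Results` header was written by your own mail server.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: a DKIM-valid message from a provider, relayed to a
# recipient who is not the address in the signed To: header.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.d=provider.example header.s=sel1;
 spf=pass smtp.mailfrom=bounce@relay.example
From: Security Alerts <no-reply@provider.example>
To: me@attacker-chosen.example
Subject: Security alert

Body text.
"""

def _domain(value):
    # Accepts "user@domain", "@domain" or a bare domain.
    return value.rsplit("@", 1)[-1].strip("<>").lower()

def replay_indicators(raw, delivered_to):
    """Return reasons a DKIM-passing message may have been relayed."""
    msg = message_from_string(raw)
    # Assumption: this header was added by our own MTA, not by the sender.
    auth = " ".join((msg.get("Authentication-Results") or "").split())
    dkim = re.search(r"dkim=pass[^;]*header\.[di]=(\S+?)(?:;|\s|$)", auth)
    spf = re.search(r"smtp\.mailfrom=(\S+?)(?:;|\s|$)", auth)
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    reasons = []
    if not dkim or _domain(dkim.group(1)) != from_dom:
        return reasons  # no aligned DKIM pass, so this check does not apply
    # DKIM covers headers and body only; the envelope sender is unsigned.
    if spf and _domain(spf.group(1)) != from_dom:
        reasons.append("envelope sender domain differs from signed From domain")
    # The signed To: header still names the address the message was first sent to.
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = {addr.lower() for _, addr in getaddresses(hdrs)}
    if delivered_to.lower() not in rcpts:
        reasons.append("delivered recipient absent from signed To/Cc headers")
    return reasons

if __name__ == "__main__":
    for reason in replay_indicators(SAMPLE, "victim@mailbox.example"):
        print("indicator:", reason)
```

Mailing lists, BCC delivery and ordinary forwarding also trip these checks, so treat the results as scoring signals rather than a verdict.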
Reporting the Scam
Nick Johnson, a developer at Ethereum Name Service, also fell victim to the Google phishing scam. He reported the attackers' misuse of Google OAuth applications as a security issue to Google. Initially, Google dismissed it as "working as intended," but has since acknowledged the problem and is working on a solution.
Stay vigilant and cautious when receiving emails, especially those claiming to be urgent alerts from reputable companies like Google. Always verify the sender's email address and be wary of any suspicious links or requests for personal information.