Security News > 2025 > April > Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
2025-04-22 10:50
In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to note is that this is a valid, signed email – it really was sent from [email protected]," Nick Johnson
News URL
https://thehackernews.com/2025/04/phishers-exploit-google-sites-and-dkim.html
Related news
- Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions (source)
- Malicious ads target Semrush users to steal Google account credentials (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google is making sending end-to-end encrypted emails easy (source)
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- Phishers abuse Google OAuth to spoof Google in DKIM replay attack (source)