Mitra IT | Your Trusted & Reliable Software Solutions

New Account Draining Mode, Scam Emails from Official Gmail Addresses

Jakarta, CNBC Indonesia - Google has issued an emergency warning to billions of Gmail users worldwide, following the disclosure of a new phishing method that exploits a weakness in Google's own infrastructure.

Developer Nick Johnson, one of the victims of this attack, revealed that he received an email from the legitimate address no-reply@accounts.google.com.

The email even passed DKIM (DomainKeys Identified Mail) verification, so Gmail showed no warning signs and instead threaded it into a conversation containing a genuine security notification.

The attack is all the more dangerous because the email claims that Google has received a court order to hand over the user's account data.

Users are then directed to click on a link that takes them to a fake “support portal” page hosted on Google’s official site, sites.google.com.

If users click the “Upload additional documents” or “View case” button on the fake page, they will be taken to a fake login page. This is where the credential data is stolen and used to take over the victim’s account.

As quoted by PC Mag on Tuesday (4/29/2025), Johnson said two weaknesses in Google's systems were exploited in this attack.

The first is a Google service (sites.google.com) that allows arbitrary scripts to be inserted into hosted pages; the second is Google's email verification mechanism, which can be manipulated to bypass security checks.

“First, the legacy sites.google.com product has been around since before Google was serious about security. People can host content on google.com subdomains. Most importantly, it supports arbitrary scripts and embeds,” he said.
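The two weaknesses above explain why a message can carry a legitimate sender address and a valid DKIM signature and still be a phishing lure: the signature vouches for the message Google's infrastructure sent, not for whatever a third party has published on sites.google.com. The following Python script is an added defensive example, not code from the article or from Google. It parses the receiving server's Authentication-Results header, extracts the links in the body, and flags a message that links to a user-hosted google.com subdomain even though DKIM passes for a google.com signer. The set of user-hosted hosts, the lure phrases beyond "court order", the header format and both sample messages are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# google.com subdomains that serve content written by arbitrary users. The article
# names sites.google.com; treating it as its own trust class is this example's assumption.
USER_HOSTED_GOOGLE_HOSTS = {"sites.google.com"}

# "court order" is the lure wording reported in the article; the other phrases are assumptions.
LEGAL_PRESSURE = re.compile(r"\b(court order|subpoena|legal request|law enforcement)\b", re.I)

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Matches "dkim=pass ... header.d=<domain>" or "header.i=@<domain>" in Authentication-Results.
DKIM_PASS_RE = re.compile(r"dkim=pass[^;]*?header\.[di]=@?([\w.-]+)", re.I)


def dkim_pass_domains(msg: Message) -> set[str]:
    """Signing domains the receiving MTA recorded as dkim=pass."""
    domains: set[str] = set()
    for value in msg.get_all("Authentication-Results", []):
        for m in DKIM_PASS_RE.finditer(str(value)):
            domains.add(m.group(1).lower().strip("."))
    return domains


def message_text(msg: Message) -> str:
    """Decoded text/plain and text/html bodies of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def assess(raw_message: str) -> dict:
    """Return the DKIM signers, body links and findings for one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    body = message_text(msg)
    dkim_domains = dkim_pass_domains(msg)
    links = URL_RE.findall(body)
    user_hosted = [u for u in links
                   if (urlparse(u).hostname or "").lower() in USER_HOSTED_GOOGLE_HOSTS]
    google_signed = any(d == "google.com" or d.endswith(".google.com") for d in dkim_domains)

    findings = []
    if user_hosted:
        findings.append("links to user-hosted google.com subdomain")
        if google_signed:
            # The DKIM pass covers the signed headers and body of the message the signer
            # sent; it says nothing about the page a third party hosts on sites.google.com.
            findings.append("dkim pass for google.com does not cover the linked page")
    if LEGAL_PRESSURE.search(body):
        findings.append("legal-pressure lure")

    verdict = "suspicious" if user_hosted else ("review" if findings else "no finding")
    return {
        "dkim_domains": sorted(dkim_domains),
        "links": links,
        "user_hosted_links": user_hosted,
        "findings": findings,
        "verdict": verdict,
    }


# Constructed sample modelled on the article's description; not a real captured message.
LURE_EMAIL = """\
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert
Authentication-Results: mx.example.com; dkim=pass header.i=@accounts.google.com header.s=20230601; spf=pass smtp.mailfrom=example.net
Content-Type: text/plain; charset="utf-8"

Google has received a court order requiring the release of data from your account.
View case: https://sites.google.com/view/example-case/home
"""

# Constructed benign notice for contrast; the first-party link target is an assumption.
BENIGN_EMAIL = """\
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert
Authentication-Results: mx.example.com; dkim=pass header.i=@accounts.google.com header.s=20230601
Content-Type: text/plain; charset="utf-8"

A new sign-in was detected. Review activity: https://myaccount.google.com/notifications
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, assess(raw))
```

Both constructed messages pass DKIM for accounts.google.com and come from the same sender address; the only thing separating them is where the link points, which is exactly the signal a mail gateway rule or a mailbox-side triage script should key on, since the sender address and the DKIM result alone cannot distinguish them.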

In a statement to Newsweek, a Google spokesperson said the company was already aware of this type of attack and has taken protective measures for Gmail users.

“We are aware of this type of attack from a threat actor named Rockfoils, and have implemented additional protections over the past week. These protections will soon be fully active and close this abuse gap,” said Google.

While waiting for a complete fix, Google urges users to enable multi-factor authentication (MFA) and use passkeys to strengthen account security.

The warning comes amid a rise in phishing cases, including an incident where Troy Hunt, a cybersecurity expert and creator of the site HaveIBeenPwned.com, was also successfully fooled by a phishing email while jetlagged.

For users who have already fallen victim, Google said there is still a chance to recover the account within a maximum of seven days, as long as a recovery phone number and recovery email have been associated with it.

Source: CNBC Indonesia