Dangerous New Phishing Scam Exploits Google Sites to Target Crypto Assets and Email Accounts

By Marcus Bennett

May 17, 2025 at 11:39 AM

A sophisticated new phishing scam is exploiting Google Sites to target cryptocurrency users and email credentials. Nick Johnson, the developer behind Ethereum Name Service (ENS), recently exposed this dangerous tactic that bypasses typical security measures.

The scam works through emails that appear to be legitimate Google security alerts, complete with valid DKIM signatures that help them bypass spam filters. These emails direct victims to convincing fake Google support pages hosted on actual Google Sites subdomains.

Key features of this scam:

  • Uses legitimate Google Sites infrastructure
  • Creates highly convincing fake Google support pages
  • Employs custom Google OAuth apps
  • Targets both email credentials and crypto assets
  • Difficult to report or remove due to Google Sites limitations

The impact is significant: In March 2025 alone, nearly 6,000 people lost $6.37 million to phishing scams. The first quarter of 2025 saw over 22,000 victims losing $21.94 million collectively.

How to protect yourself:

  • Verify sender addresses carefully
  • Check URLs before clicking
  • Never upload sensitive documents to unfamiliar portals
  • Use hardware wallets for cryptocurrency
  • Maintain separate email accounts for different crypto platforms
  • Be skeptical of unexpected security alerts
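
The sender and URL checks above can be partly automated. The Python below is an added example, not code from the article or from Johnson's report: it triages a message and flags any link to a Google Sites page even when the DKIM check passed. The function names, the `sites.google.com` host list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption for this example: hosts where anyone can publish pages
# under a Google-owned domain (Google Sites).
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)


def dkim_passed(msg):
    """True if any Authentication-Results header records dkim=pass."""
    results = msg.get_all("Authentication-Results", [])
    return any(re.search(r"\bdkim=pass\b", r, re.I) for r in results)


def user_content_links(msg):
    """Return links in a plain-text body whose host serves user-built pages."""
    body = msg.get_payload()
    hits = []
    for url in URL_RE.findall(body if isinstance(body, str) else ""):
        url = url.rstrip(".,;")
        host = (urlsplit(url).hostname or "").lower()
        if host in USER_CONTENT_HOSTS:
            hits.append(url)
    return hits


def triage(raw):
    """Classify a message: a DKIM pass never clears a user-content link."""
    msg = message_from_string(raw)
    links = user_content_links(msg)
    return {
        "dkim_pass": dkim_passed(msg),
        "flagged_links": links,
        "verdict": "suspicious" if links else "no-user-content-links",
    }


# Constructed sample message (not a real capture).
SAMPLE = """\
From: Google <no-reply@example.com>
Subject: Security alert
Authentication-Results: mx.example.net; dkim=pass header.d=example.com

Unusual activity was detected on your account. Review the case at
https://sites.google.com/view/example-support-case and sign in.
Account settings: https://myaccount.google.com/security
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The sample passes DKIM and is still marked suspicious, because the signature only vouches for the sending domain, not for where the links lead.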

When Johnson reported this to Google, they classified it as expected behavior rather than a security bug, highlighting the need for improved platform security measures and user awareness.
