![Mobile Legends: Bang Bang [MLBB] Free Redeem Codes April 2025](https://www.talkandroid.com/wp-content/uploads/2024/07/Screenshot_20240704-093036_Mobile-Legends-Bang-Bang.jpg)
![Apple Releases iOS 18.5 Beta 3 and iPadOS 18.5 Beta 3 [Download]](https://www.iclarified.com/images/news/97076/97076/97076-640.jpg)
![Apple Seeds visionOS 2.5 Beta 3 to Developers [Download]](https://www.iclarified.com/images/news/97077/97077/97077-640.jpg)
![Apple Seeds tvOS 18.5 Beta 3 to Developers [Download]](https://www.iclarified.com/images/news/97078/97078/97078-640.jpg)
![Apple Seeds watchOS 11.5 Beta 3 to Developers [Download]](https://www.iclarified.com/images/news/97079/97079/97079-640.jpg)
![Lenovo shows off its next 8.8-inch Legion Tab with vague AI promises [Gallery]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/04/lenovo-legion-tab-y700-2025-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
_Tanapong_Sungkaew_via_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![BPMN-procesmodellering [closed]](https://i.sstatic.net/l7l8q49F.png)
![how to represent in-house ai in deployment diagram [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
![From fast food worker to cybersecurity engineer with Tae'lur Alexis [Podcast #169]](https://cdn.hashnode.com/res/hashnode/image/upload/v1745242807605/8a6cf71c-144f-4c91-9532-62d7c92c0f65.png?#)
Beware, hackers can apparently now send phishing emails from “no-reply@google.com”
Researchers discover a rather elaborate scheme that looks authentic but it's still just phishing.
- Crooks are abusing Google's notification system to bypass email protection
- Through OAuth apps, they are able to generate convincing phishing emails
- The campaign also uses sites.google.com
Researchers have discovered a clever and elaborate phishing scheme that abused Google’s services to trick people into giving away their credentials for the platform.
Lead developer of the Ethereum Name Service, Nick Johnson, recently received an email that seemed to have come from no-reply@google.com. The email said that law enforcement subpoenaed Google for content found in his Google Account.
He said that the email looked legitimate, and that it was very difficult to spot that it’s actually fake. He believes less technical users might very easily fall for the trick.
Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.
It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.
Preferred partner (What does this mean?)View Deal
DKIM signed
Apparently, the crooks would first create a Google account for me@domain. Then, they would create a Google OAuth app, and put the entire phishing message (about the fake subpoena) in the name field.
Then, they would grant themselves access to the email address in Google Workspace.
Google would then send a notification email to the me@domain account, but since the phishing message was in the name field, it would cover the entire screen.
Scrolling to the bottom of the email message would show clear signs that something was amiss, since at the bottom one could read about getting access to the me@domain email address.
The final step is to forward the email to the victim. “Since Google generated the email, it's signed with a valid DKIM key and passes all the checks,” Johnson explained how the emails landed in people’s inbox and not in spam.
The attack is called a “DKIM replay phishing attack,” since it leans on the fact that in Google’s systems, DKIM checks only the message and the headers, not the envelope. Since the crooks first registered the me@domain address, Google will show it as if it was delivered to their email address.
To hide their intentions even further, the crooks used sites.google.com to create the credential-harvesting landing page. This is Google’s free web-building platform and should always raise red flags when spotted.
Via BleepingComputer
You might also like
- Millions of airline customers possibly affected by OAuth security flaw
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
