ENS founder warns of Google spoof that tricks users with a fake subpoena
A Google spokesperson told Cointelegraph that the company is aware of the issue and is shutting down the mechanism that attackers are using for this scam.
The founder and lead developer of Ethereum Name Service has warned his X followers of an “extremely sophisticated” phishing attack that can impersonate Google and trick users into giving out login credentials.
The phishing attack exploits Google’s infrastructure to send a fake alert to users informing them that their Google data is being shared with law enforcement due to a subpoena, ENS’ Nick Johnson said in an April 16 post to X.
“It passes the DKIM signature check, and GMail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts,” he said.
