The founder and lead developer of Ethereum Name Service has warned his X followers of an “extremely sophisticated” phishing attack that can impersonate Google and trick users into giving out login credentials.
The phishing attack exploits Google’s infrastructure to send a fake alert to users informing them that their Google data is being shared with law enforcement due to a subpoena, ENS’ Nick Johnson said in an April 16 post to X.
“It passes the DKIM signature check, and GMail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts,” he said.
The fake subpoena appears to be from a Google no-reply domain. Source: Nick Johnson
As part of the attack, users are offered the chance to view the case materials or protest by