SlowMist COSINE: Phishing Group Uses Google Subdomain for New Phishing Attack, Leading Users to Disclose Account Passwords

BlockBeats News, April 20th - SlowMist founder Cosmos posted on social media that earlier, the ENS chief developer fell victim to a phishing attack that exploited a vulnerability in Google's infrastructure. The phishing group sent out a phishing email disguised as an official Google communication, tricking users into believing they were under investigation. While Google has taken countermeasures, today the phishing group launched a new round of phishing attacks and will continue to lure users to a subdomain of "google.com," prompting them to disclose their account passwords and immediately add a Passkey.

BlockBeats previously reported that on April 16th, ENS chief developer nick.eth stated that he experienced a highly sophisticated phishing attack that exploited a vulnerability in Google's infrastructure, which Google refused to fix. He indicated that the attack email looked very authentic, could pass DKIM signature verification, and was displayed normally in Gmail, alongside other legitimate security alerts in the same thread. The attackers used Google's "sites" service to create a trusted "support portal" page, as users would see the domain name containing "google.com" and mistake it for being secure. Users should remain vigilant.