Phishing Attack Targeting ENS Developer
The chief developer of ENS, nick.eth, was recently targeted by an intricate phishing scheme that leveraged a loophole in Google’s systems. This was not just a random act; the phishing gang sent out emails masquerading as official correspondence from Google, misleading recipients into believing they were facing some kind of investigation.
Details of the Phishing Scheme
These deceptive messages were difficult to distinguish from legitimate communications, as they passed DKIM signature checks and appeared among genuine security notifications within users’ Gmail inboxes.
“Despite Google’s awareness of the vulnerability, they have yet to implement a fix.”
Continued Threat and User Safety
On April 16, BlockBeats reported on this alarming incident. In a concerning update, the same phishing group has rolled out another wave of attacks, aiming to lure users to a Google subdomain where they are tricked into revealing their passwords and even urged to set up a Passkey as a false security measure.
The attackers utilized Google’s sites service to craft a convincing support portal, which further compounded the risk as users would see the familiar google.com in the web address, inadvertently trusting the site.
Cybersecurity Advisory
As the threat persists, cybersecurity experts strongly advise users to exercise caution and remain alert to any suspicious communications that may appear to come from trusted sources, particularly Google.
