TechRadar reports:
Researchers have discovered a clever and elaborate phishing scheme that abused Google’s services to trick people into giving away their credentials for the platform.
Lead developer of the Ethereum Name Service, Nick Johnson, recently received an email that seemed to have come from no-reply@google.com. The email said that law enforcement subpoenaed Google for content found in his Google Account.
He said that the email looked legitimate, and that it was very difficult to spot that it’s actually fake. He believes less technical users might very easily fall for the trick.
Apparently, the crooks would first create a Google account for me@domain. Then, they would create a Google OAuth app, and put the entire phishing message (about the fake subpoena) in the name field.
Then, they would grant themselves access to the email address in Google Workspace.
Google would then send a notification email to the me@domain account, but since the phishing message was in the name field, it would cover the entire screen.
Read more at TechRadar.