The recent phishing attack successfully impersonated Google emails using a valid DKIM signature, making the malicious messages appear legitimate and bypassing email security protocols.
A sophisticated phishing campaign successfully spoofed Google using DKIM credentials, tricking users into providing Google credentials via a fake subpoena link.
A sophisticated phishing attack recently targeted Google users, exploiting a well-known email authentication method to bypass security measures.
The attackers sent emails appearing to be from Google’s legitimate address, no-reply@accounts.google.com, and claimed the recipient needed to comply with a subpoena.
The emails contained a link to a Google Sites page, prompting users to log in and revealing a fake legal support page.
What made this phishing attempt particularly dangerous was that it successfully passed both DMARC and DKIM email authentication checks, making it appear entirely genuine to recipients.
In another cyber-related development, Microsoft issued a warning regarding the use of Node.js in distributing malware. Attackers have been using the JavaScript runtime environment to deploy malware through scripts and executables, particularly targeting cryptocurrency traders via malvertising campaigns.
The new technique involves executing JavaScript directly from the command line, making it harder to detect by traditional security tools.
Meanwhile, the US has witnessed a significant change in its disinformation-fighting efforts.
The State Department has closed its Counter Foreign Information Manipulation and Interference group, previously known as the Global Engagement Center, after accusations that it was overreaching in its censorship activities.
The closure, led by Secretary of State Marco Rubio, has sparked criticism, with some seeing it as a victory for foreign powers like Russia and China.
Finally, gig workers face new challenges as the Tech Transparency Project revealed that Facebook groups are being used to trade fake gig worker accounts for platforms like Uber and Lyft.
Sellers offer access to verified accounts, bypassing safety checks, and putting passengers and customers at risk. Despite reports to Meta, many of these groups remain active, with the social media giant’s automated systems failing to curb the activity.