A new phishing scheme targeting weaknesses in Google’s email system has been uncovered, according to tech news site TechRadar reported on Monday. Hackers are now sending deceptive emails to users from the address, no-reply@google.com, cleverly bypassing standard security measures.
This sophisticated attack leverages Google’s OAuth (Open Authorization) app. Cybercriminals begin by creating a Google account with the format, me@domain, then develop an OAuth app to embed phishing content in the name field. After gaining access permissions for this email address through Google Workspace, Google unwittingly sends out notification emails on their behalf. While the email footer displays the me@domain address, most recipients overlook this crucial detail, leaving them vulnerable to the scam.
Known as the DomainKeys Identified Mail (DKIM) replay phishing attack, this method exploits a flaw in DKIM’s verification process. The system only checks domain signatures without authenticating the actual sender’s account. To increase their success rate, hackers create phishing pages on trusted domains like, sites.google.com, making it easier to steal user information.
Cybersecurity experts are urging users to exercise caution, even with emails that appear to be from Google. They strongly advise against responding to any requests for information through sites.google.com, as these are likely to be fraudulent.