Menu

Categories:

Hot right now:

Follow on:

Coinsurges provides coverage of fintech, blockchain, and Bitcoin, delivering the most recent news and analyses on the future of money. Stay up-to-date with live prices, charts, and trading options for the top exchanges. Keep track of the day's top cryptocurrency gainers and losers, as well as which coins have experienced gains and losses in the past 24 hours.
Trust Coinsurges as your go-to source for all news and updates in the industry.

Menu

Categories:

Hot right now:

Follow on:

Coinsurges provides coverage of fintech, blockchain, and Bitcoin, delivering the most recent news and analyses on the future of money. Stay up-to-date with live prices, charts, and trading options for the top exchanges. Keep track of the day's top cryptocurrency gainers and losers, as well as which coins have experienced gains and losses in the past 24 hours.
Trust Coinsurges as your go-to source for all news and updates in the industry.

Phishing scammers now exploiting Google’s infrastructure to target crypto users

Share This Post

Phishing scams targeting crypto users have become more advanced, with attackers abusing Google’s infrastructure to conduct highly convincing attacks.

On April 16, Nick Johnson, the founder and lead developer of Ethereum Name Service (ENS), raised concerns over a fresh method cybercriminals use to compromise Gmail accounts and potentially target associated crypto wallets.

How phishing attackers are using Google to their advantage

According to Johnson, the attackers exploit a loophole in Google’s ecosystem that allows them to send phishing emails that appear genuine security alerts from the tech giant itself.

These emails are signed with valid DomainKeys Identified Mail (DKIM) signatures, enabling them to bypass spam filters and appear authentic to recipients.

Once opened, these emails direct users to a counterfeit support portal hosted on a Google subdomain. This fake page prompts victims to log in and upload sensitive documents.

However, Johnson warned that the attackers are likely harvesting credentials, which could compromise Gmail accounts and any services linked to those emails.

The phishing sites are built using Google’s Sites platform, which allows custom scripts and embedded content.

While this flexibility benefits legitimate users, it also allows malicious actors to create convincing phishing portals. Even more concerning is that there’s currently no way to report abuse directly through the Google Sites interface, making it easier for attackers to keep their content online.

He said:

“Google long ago realised that hosting public, user-specified content on google.com is a bad idea, but Google Sites has stuck around. IMO they need to disable scrips and arbitrary embeds in Sites; this is too powerful a phishing vector.”

To further enhance the illusion of legitimacy, the scammers create a Google OAuth application that formats and shares the phishing message. These messages are always complete with structured text and what appears to be contact information for Google Legal Support.

Google’s response

Johnson reported that he submitted a bug report to Google about this vulnerability.

Still, the search engine giant reportedly stated that the features work as intended and do not constitute a security issue.

Johnson wrote:

“I’ve submitted a bug report to Google about this; unfortunately they closed it as ‘Working as Intended’ and explained that they don’t consider it a security bug.”

Nevertheless, he urged Google to consider limiting script and embedding functionality to help prevent future abuse.

This incident highlights the increasing sophistication of phishing campaigns within the crypto space. According to Scam Sniffer, nearly 6,000 users lost around $6.37 million to phishing scams in March 2025 alone. In the first quarter of the year, 22,654 victims suffered total losses of $21.94 million.

The post Phishing scammers now exploiting Google’s infrastructure to target crypto users appeared first on CryptoSlate.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

Dogecoin Enters Danger Zone — Chartist Predicts Sharp Drop Ahead

Dogecoin slipped toward the lower end of its month-long range on Tuesday as independent chartist Quantum Ascent delivered a granular breakdown of why he believes the meme-coin is part-way through a

3 High-Value Tokens Not to Miss in Q2 as Altseason Approaches: Shiba Inu, Solana and Unilabs

The post 3 High-Value Tokens Not to Miss in Q2 as Altseason Approaches: Shiba Inu, Solana and Unilabs appeared first on Coinpedia Fintech News Bitcoin (BTC) might be running the show after recording

Unilabs’ 30% Bonus Attracts Ethereum and Binance Coin Holders

The post Unilabs’ 30% Bonus Attracts Ethereum and Binance Coin Holders appeared first on Coinpedia Fintech News The Binance Coin price is still holding above $600, a sign of strong investor

Crypto Regulations in El-Salvador 2025 : First Country to Use Bitcoin as Legal Tender

The post Crypto Regulations in El-Salvador 2025 : First Country to Use Bitcoin as Legal Tender appeared first on Coinpedia Fintech News El Salvador made history in 2021 as the first nation to adopt

Trump Media Secures $2.5B to Build Bitcoin Treasury With Institutional Firepower

Trump Media is unleashing a $25 billion bitcoin treasury strategy, vaulting digital assets onto its balance sheet and supercharging its mission to disrupt traditional finance Bitcoin Treasury

Bitcoin Retraces Below $109,000: Analysts Split on Future Outlook

The market’s leading crypto, Bitcoin (BTC), has experienced a retracement below the $109,000 mark on Monday, following its recent surge to an all-time high (ATH) of $111,800 last week As the
You have not selected any currencies to display