
Gmail user? Beware of this sophisticated phishing attack

A recent phishing attack targeting Gmail users exploited legitimate Google domains and email signatures, exposing vulnerabilities in Google's infrastructure. Here's how it happened—and how to protect yourself.

A 62-year-old retired Chief Justice of the Bombay High Court was allegedly duped of Rs 49,998 in a phishing scam last month. (Representational image via Canva)

Gmail is one of the most commonly used email services across the world, known for its ease of use and enhanced user protection with multi-level security protocols. However, despite these measures, the platform remains vulnerable to phishing attacks, where cybercriminals employ new techniques to gain access to Gmail accounts. These compromised accounts are often used for illicit activities, potentially leading to data theft and financial losses.

An X user named nick.eth, with the username @nicksdjohnson, recently shared an incident in which he was the victim of an “extremely sophisticated phishing attack,” highlighting a vulnerability in Google’s infrastructure.

Nick received an email on April 15 from a valid, signed email address—no-reply@google.com—which even passed the DKIM signature check. The email asked him to produce a copy of his Google account content. When he clicked the link, he was redirected to a “support portal” page hosted on a domain containing sites.google.com. At first glance, this could easily convince anyone that it was a legitimate Google website—but it was not.

The website featured a login page that was identical to Google’s, designed specifically to harvest user credentials. According to Nick, this was made possible due to two major vulnerabilities in Google’s system:

A fake portal hosted via sites.google.com, which allows anyone to host content on Google’s subdomain.

The use of a legitimate-looking sender email address.

Nick has submitted a report to Google, and the company is currently working on patching the vulnerability.

Until Google addresses the issue, it’s crucial to always verify the source of any email before clicking on links or sharing personal information. Given that email accounts are often targeted by various phishing campaigns, staying vigilant is key to protecting yourself from such sophisticated attacks.
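
A DKIM pass authenticates the signing domain only; it says nothing about where the links in the message lead, which is the gap this incident relied on. The following Python check is an added example, not code from the article or from Google: it reads a constructed sample message and flags links to hosts where third parties can publish pages under a trusted domain. The host list, sample headers, URL path and function names are assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Hosts where anyone can publish under a trusted parent domain (assumed list;
# sites.google.com is the host named in the article).
USER_CONTENT_HOSTS = {"sites.google.com"}

# Constructed sample message for illustration, not the real phishing email.
SAMPLE = """\
From: Google <no-reply@google.com>
To: user@example.com
Subject: Security alert
Authentication-Results: mx.example.com; dkim=pass header.d=google.com; spf=pass
Content-Type: text/plain

A request was made for a copy of your Google account content.
Review the case: https://sites.google.com/view/example-support-portal/case
Account settings: https://myaccount.google.com/
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def dkim_result(msg):
    """Return (result, signing domain) from the Authentication-Results header."""
    header = msg.get("Authentication-Results", "")
    m = re.search(r"\bdkim=(\w+)(?:[^;]*?\bheader\.d=([\w.-]+))?", header)
    return (m.group(1).lower(), (m.group(2) or "").lower()) if m else ("none", "")

def body_text(msg):
    """Concatenate every text/* part, so multipart and HTML mail are covered."""
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace") for p in parts)

def triage(raw):
    """Report the DKIM verdict and any links to user-content hosts."""
    msg = message_from_string(raw)
    result, domain = dkim_result(msg)
    links = [u for u in URL_RE.findall(body_text(msg))
             if (urlparse(u).hostname or "").lower() in USER_CONTENT_HOSTS]
    # The flag is independent of the DKIM verdict: a valid signature does not vouch for link targets.
    return {"dkim": result, "signed_by": domain,
            "suspicious_links": links, "flag": bool(links)}
```

Running `triage(SAMPLE)` reports a passing DKIM check for google.com and still flags the message because of the sites.google.com link.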
