Gmail’s Security Filters Bypassed for Sophisticated Phishing Attacks by Hackers

Google is in trouble once again: adversaries are bypassing Gmail’s security filters with carefully prepared phishing attacks.
A highly advanced phishing attack has been discovered that takes advantage of flaws in Google’s OAuth mechanism.
The attack seems genuine to recipients because the email comes from real Google domains and passes all common security checks, including DKIM authentication, which is how it evades Gmail’s security filters.
Attack Benefits from OAuth Vulnerability
Ethereum Name Service (ENS) engineer Nick Johnson was reportedly targeted by an attack that exploited a weakness in Google’s infrastructure, enabling threat actors to send emails that appeared to originate from Google’s official domains.
Johnson, X
“Recently, I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google’s infrastructure, and given their refusal to fix it, we’re likely to see it a lot more.”
DKIM Replay Attack
This attack’s technical sophistication lies in its clever manipulation of Google’s DKIM (DomainKeys Identified Mail) authentication system through what security experts call a “DKIM replay attack.”
This attack makes use of authentic OAuth permission channels, in contrast to traditional phishing attempts that depend on phony login sites.
The attack follows a precise sequence of technical steps:
- The attackers registered a domain and set up a Google account with the username “me@domain”.
- They create a Google OAuth application whose name contains the full phishing message.
- After the attackers grant the app access to their email address, Google immediately delivers a security alert to the attacker’s inbox.
This alert, which carries a genuine signature made with Google’s DKIM key, is then sent on to potential victims. The email, which originates from “no-reply@google[.]com,” satisfies all common security requirements, including DKIM verification.
The phony message’s authenticity was further enhanced by the inclusion of a link to an apparently authentic Google support page housed on sites.google.com.
In Johnson’s case, the phishing email carried an official-looking case reference number and stated that a subpoena had been served on Google LLC demanding the release of his Google Account content.
Researchers discovered that the link in the email led to a phishing page hosted on the “google.com” subdomain, which directed users to a fake login screen designed to capture their credentials.
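A replayed message of the kind described above keeps its valid Google DKIM signature, but the envelope sender and the mailbox that actually receives it no longer match what was signed. The following Python check is an added example, not code from the article or from Google; the header samples, the host name `mx.example.org`, the bounce addresses and the function names are constructed for illustration, and it assumes the receiving mail server stamps `Authentication-Results` and `Delivered-To` headers.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample headers (not from the incident): a Google-signed alert relayed onward.
SAMPLE_REPLAYED = """\
Delivered-To: victim@example.org
Authentication-Results: mx.example.org;
 dkim=pass header.i=@google.com header.d=google.com;
 spf=pass smtp.mailfrom=bounce@relay.example.net
From: Google <no-reply@google.com>
To: me@registered-domain.example
Subject: Security alert

(body omitted)
"""
# Constructed: the same alert as if delivered directly to the account it names.
SAMPLE_DIRECT = (SAMPLE_REPLAYED
                 .replace("bounce@relay.example.net", "bounce@bounces.google.com")
                 .replace("me@registered-domain.example", "victim@example.org"))

def _domain(addr):
    return addr.rpartition("@")[2].lower().rstrip(".")

def _aligned(a, b):
    # Simplified: same domain or a subdomain of it (no Public Suffix List lookup).
    return a == b or a.endswith("." + b)

def replay_indicators(raw, trusted_authserv):
    """Return reasons a DKIM-valid message looks replayed; empty list if none."""
    msg = message_from_string(raw)
    # Trust only results stamped by our own MX; other copies of the header can be forged.
    ar = next((h for h in msg.get_all("Authentication-Results", [])
               if h.split(";")[0].strip().lower() == trusted_authserv), "")
    dkim = re.search(r"dkim=pass\b[^;]*?header\.d=([^\s;]+)", ar)
    signer = dkim.group(1).lower() if dkim else ""
    if not signer or not _aligned(_domain(parseaddr(msg.get("From", ""))[1]), signer):
        return []  # no DKIM pass for the From domain, so not this pattern
    reasons = []
    spf = re.search(r"smtp\.mailfrom=([^\s;]+)", ar)
    if spf and not _aligned(_domain(spf.group(1)), signer):
        reasons.append("envelope sender not aligned with DKIM signing domain")
    rcpt = parseaddr(msg.get("Delivered-To", ""))[1].lower()
    named = {a.lower() for _, a in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if rcpt and rcpt not in named:
        reasons.append("signed To/Cc does not name the mailbox that received it")
    return reasons
```

Both indicators also fire on legitimate forwarding and Bcc delivery, so they are triage signals to combine with content review rather than a verdict on their own.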
Google Identifies the Threat
Google has acknowledged that it is aware of this phishing attempt and that it creatively takes advantage of OAuth and DKIM technologies.
The company said it is taking action against this particular threat and anticipates having a solution “fully deployed” in the near future.
“Google has changed its mind and will be resolving the OAuth issue!” Johnson affirmed in a recent post.
Security experts advise users to use passkeys when possible, enable two-factor authentication, and be on the lookout for emails asking for login information or account verification, even if they seem to be from reliable sources.
By going beyond conventional credential harvesting to more complex exploitation of trusted authorization mechanisms like OAuth 2.0, this attack marks a worrying advancement in phishing tactics.
About The Author
Suraj Koli is a content specialist with expertise in cybersecurity and B2B domains. He has provided his skills for the News4Hackers Blog and Craw Security. Moreover, he has written content for various sectors, including business, law, food and beverage, entertainment, and many others. Koli established his center of the field in an amazing scenario. Simply said, he started his career selling products, where he enhanced his skills in understanding the product and the point of view of clients from the customer’s perspective, which simplified his journey in the long run. It makes him an interesting personality among other writers. Currently, he is a regular writer at Craw Security.