A former Google software engineer took to X/Twitter to expose a major vulnerability involving the Silicon Valley giant's legacy product, the now-redundant sites.google.com, where users once hosted their own content. In an email that Nick D. Johnson received on Gmail, entitled "Security Alert" no less, he was notified that Google had been served a subpoena by law enforcement seeking the contents of his Google Account.

It convincingly read, "This notice is to alert you that a subpoena was issued to Google LLC by a law enforcement that seeks retrieval of information contained in your Google Account." It further warned, "to examine the case materials or take measures to submit a protest, please do so in the provided Google Support Case."

Johnson's first post:

"Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got:"
— nick.eth (@nicksdjohnson) April 16, 2025

So far it sounds alarming, yet nothing looks suspicious. The email seems entirely legitimate: it shows no-reply@google.com as the sender, it passed the DKIM signature check, and Gmail attached no warning label. Johnson further stated that the link takes you to "a very convincing support portal," which the scammers hosted on sites.google.com. People will automatically assume it is from Google and legitimate.
Clicking "View case" or "Upload additional documents" takes the user to yet another "exact duplicate of the real thing." The techpreneur warns that herein lies the clue for detecting that you are being conned: "The only hint it's a phish is that it's hosted on sites.google.com instead of accounts.google.com."

Johnson further writes that the sophisticated email is "obviously a security issue on Google's part." For the eagle-eyed, the first clue lies in the email header (as shared in his screenshots): while it shows "signed by accounts.google.com," the mailer listed beneath it is a different domain (in this case privateemail.com). The second clue he points out is "a lot of whitespace" beneath the phishing message.
He goes on to explain the modus operandi in further tweets.

"The email is much more sophisticated, and in my opinion much more obviously a security issue on Google's part. The first clues are in the email header: although it was signed by https://t.co/kCLNEQcBQK, it was emailed by https://t.co/ENBJVYriTF, and sent to 'me@blah'"
— nick.eth (@nicksdjohnson) April 16, 2025

"The second clue is here: below the phishing message is a lot of whitespace (mostly not shown) followed by "Google Legal Support was granted access to your Google Account" and the odd me@... email address again."
— nick.eth (@nicksdjohnson) April 16, 2025

After initially declining, Google is now working on the bug report submitted about the phishing attack.
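One way to automate the header clues described above, as an added example that is not from the article or from Johnson: a small Python check that parses a constructed message modelled on the screenshots and flags the signing-domain/mailer mismatch, the odd To: address, and a link on sites.google.com rather than accounts.google.com. The Return-Path mailbox, selector and signature value are placeholders.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the clues in the article: DKIM d= says
# accounts.google.com, the envelope sender is a third-party mailer, the To:
# is an odd alias, and the link points at sites.google.com. The selector and
# signature value are placeholders, not a real DKIM signature.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=accounts.google.com; s=selector; b=PLACEHOLDER
Return-Path: <bounce@privateemail.example>
From: Google <no-reply@accounts.google.com>
To: me@blah
Subject: Security Alert

This notice is to alert you that a subpoena was issued to Google LLC.
Review the case here: https://sites.google.com/view/support-case
"""

EXPECTED_HOST = "accounts.google.com"  # where a real account notice would link


def org_domain(host):
    """Crude organisational domain (last two labels); no public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def dkim_domain(msg):
    """Extract the d= tag (signing domain) from the DKIM-Signature header."""
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return m.group(1).lower() if m else None


def check_alert(raw, mailbox):
    """Return a list of warnings for a message claiming to be a Google alert."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    d = dkim_domain(msg)
    rp = email.utils.parseaddr(msg.get("Return-Path", ""))[1].split("@")[-1]
    # A valid signature from one organisation relayed by an unrelated mailer
    # is the tell-tale of a replayed (forwarded) signed message.
    if d and rp and org_domain(rp) != org_domain(d):
        findings.append(f"signed by {d} but sent by {rp} (possible DKIM replay)")
    to_addr = email.utils.parseaddr(msg.get("To", ""))[1].lower()
    if to_addr != mailbox.lower():
        findings.append(f"To: {to_addr!r} is not your mailbox")
    body = msg.get_body(preferencelist=("plain",)).get_content()
    for url in re.findall(r"https?://\S+", body):
        host = (urlparse(url).hostname or "").lower()
        if host.endswith("google.com") and host != EXPECTED_HOST:
            findings.append(f"link to {host} instead of {EXPECTED_HOST}")
    return findings
```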
"I've submitted a bug report to Google about this; unfortunately they closed it as 'Working as Intended' and explained that they don't consider it a security bug. Obviously I disagree - but until they change their mind, be on the lookout for deceptive security alerts from Google."
— nick.eth (@nicksdjohnson) April 16, 2025

"Outstanding news: Google has reconsidered and will be fixing the OAuth bug!"
— nick.eth (@nicksdjohnson) April 16, 2025

Meanwhile, another user shared how the email infrastructure of Google's other product, YouTube, is hacked in a similar manner.

"YouTube's email infrastructure is also hacked in the same way. Passing DKIM, SPF, DMARC of actual YouTube emails. For 2 months, Google and YouTube have done nothing @TeamYouTube These are targeting creator accounts."
— CTO Larsson (@ctoLarsson) April 17, 2025
Ex-Googler Shares Extremely Sophisticated Phishing Attack That Comes From Official Google Mail; Company Reacts

Scammers are exploiting this legacy product of Google 📧