The scam came to light after developer Nick Johnson shared a warning on social media about a highly convincing phishing email that landed in his inbox.
The message appeared to come from no-reply@accounts.google.com, Google’s real notification address, and passed standard email authentication checks, including DKIM (DomainKeys Identified Mail) signature verification.
Gmail offered no alerts, and the message was grouped with actual security notifications Johnson had received in the past.
In the post on X (formerly Twitter), Johnson explained that the email claimed Google had received a subpoena for his account information.
The message included links to what appeared to be a legitimate Google support portal hosted on sites.google.com, a domain most users would trust at first glance.
Clicking the link led to a page prompting him to “Upload additional documents” or “View case,” which then redirected to a sign-in page designed to harvest login credentials.
Cybersecurity experts advise users to avoid clicking links in unsolicited emails, even if they appear to be from Google.
Instead, log directly into your account through the official website to verify alerts.
Always double-check the full URL of any page requesting login credentials, and enable two-factor authentication for added protection.
Check back to Daily Voice for updates.