Phishing scams targeting crypto users have taken a new turn, with cybercriminals leveraging Google’s infrastructure to carry out sophisticated attacks. The founder of Ethereum Name Service (ENS), Nick Johnson, recently raised alarms about a new method scammers are using to compromise Gmail accounts and potentially target associated crypto wallets.
The attackers exploit a flaw in Google’s ecosystem to send phishing emails that masquerade as legitimate security alerts from the tech giant itself. These emails are equipped with valid DomainKeys Identified Mail (DKIM) signatures, allowing them to evade spam filters and appear genuine to recipients.
Upon opening the emails, users are directed to a fake support portal hosted on a Google subdomain. This counterfeit page prompts victims to log in and submit sensitive documents, potentially leading to credential theft and compromise of Gmail accounts and linked services.
The phishing sites are built on Google Sites, a platform that allows custom scripts and embedded content. While this versatility benefits legitimate users, it also gives malicious actors the means to create convincing phishing portals. Moreover, there is currently no direct way to report abuse through the Google Sites interface, which makes it easier for attackers to keep their fraudulent content online.
To enhance the illusion of authenticity, scammers create a Google OAuth application to format and distribute phishing messages. These messages include structured text and contact information purportedly from Google Legal Support.
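As an added illustration (not code from the article or from Johnson's report), here is a mail-triage heuristic for the combination the article describes: a message whose DKIM signature validates for a Google domain yet links to user-hosted Google Sites content. The sample message, its link path and the receiving host `mx.example.net` are constructed for the example.

```python
"""Heuristic triage for DKIM-valid mail that links to Google Sites.

Added example (not from the article): flags a message whose DKIM signature
validates for a google.com domain but whose body links to sites.google.com,
the pattern the article describes. Uses only the Python standard library.
"""
import re
from email import policy
from email.parser import Parser
from urllib.parse import urlsplit

# Constructed sample message; the sites.google.com path is a placeholder.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=accounts.google.com header.s=sample
From: Google <no-reply@accounts.google.com>
To: victim@example.net
Subject: Security alert: legal request received
Content-Type: text/plain; charset=us-ascii

A legal request was served on Google. Review the case at:
https://sites.google.com/view/constructed-placeholder
Google Legal Support
"""

# dkim=<result> followed (lazily, within the same clause) by header.d=<domain>
AUTH_RE = re.compile(r"dkim=(\w+)(?:[^;]*?header\.d=([\w.-]+))?", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def assess(raw: str) -> dict:
    """Return DKIM status, signing domain, sites.google.com links and a flag."""
    msg = Parser(policy=policy.default).parsestr(raw)
    dkim_result, dkim_domain = "none", ""
    for hdr in msg.get_all("Authentication-Results", []):
        m = AUTH_RE.search(hdr)
        if m:
            dkim_result = m.group(1).lower()
            dkim_domain = (m.group(2) or "").lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    # Links to user-hosted Google Sites pages, deduplicated for stable output
    hosted = sorted({u for u in URL_RE.findall(text)
                     if urlsplit(u).hostname == "sites.google.com"})
    google_signed = dkim_result == "pass" and (
        dkim_domain == "google.com" or dkim_domain.endswith(".google.com"))
    return {"dkim": dkim_result, "signer": dkim_domain,
            "sites_links": hosted, "flag": google_signed and bool(hosted)}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The flag is a triage signal for a human or a quarantine rule, not proof of phishing; a valid DKIM signature only tells you who signed the message, not that its content is trustworthy.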
Despite Johnson’s bug report to Google highlighting this vulnerability, the tech giant reportedly dismissed it as “Working as Intended,” indicating that the features are functioning as designed and do not pose a security threat. However, Johnson emphasized the need for Google to consider restricting script and embedding capabilities to curb future misuse.
This incident underscores the escalating sophistication of phishing schemes in the crypto space. According to Scam Sniffer, almost 6,000 users fell victim to phishing scams in March 2025, resulting in losses totaling $6.37 million. In the first quarter of the year, 22,654 individuals suffered losses amounting to $21.94 million due to such fraudulent activities.
As crypto users navigate the treacherous waters of online security, staying vigilant and adopting best practices is crucial to safeguarding assets and personal information from cyber threats.