ChainCatcher reports that SlowMist founder Yu Xun posted on social platforms that the ENS chief developer was previously subjected to a phishing attack, which exploited a vulnerability in Google's infrastructure. The phishing group disguised themselves as an official Google phishing email, deceiving users into believing they were being targeted by law enforcement. Although Google has upgraded its countermeasures, today the phishing group launched a new round of phishing attacks, continuing to lure users to "google.com" subdomains, inducing users to disclose account passwords, and immediately adding Passkeys.
ChainCatcher previously reported that ENS chief developer nick.eth posted on social platforms, stating that he encountered an extremely complex phishing attack that exploited a vulnerability in Google's infrastructure, but Google refused to fix the vulnerability.
He explained that the attack email looked very authentic, could pass DKIM signature verification, was displayed normally by GMail, and was placed in the same conversation as other legitimate security warnings. The attackers utilized Google's "Sites" service to create a trusted "support portal" page, as users would see the domain containing "google.com" and mistakenly believe it was safe, urging users to remain cautious.
