
A new Gmail phishing scam has raised alarm within the cybersecurity community because its messages appear to originate from legitimate Google sources. The attack came to light when software developer Nick Johnson detailed his experience with what he called an “extremely sophisticated phishing attack.” The email, seemingly from Google, passed email authentication checks and led him to a fake sign-in page hosted at sites.google.com, a genuine Google subdomain on which any user can publish pages.
Johnson explained that the attackers exploited Google Sites, a legacy Google product that still allows users to host arbitrary scripts and content on a Google subdomain. Combined with a message styled as one of Google's OAuth security alerts, this let the scammers convince users to enter their login credentials on a page whose address looked trustworthy.
Google initially did not respond but has since confirmed to Newsweek that it is aware of the issue and working on a fix. “We’re aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week,” said a Google spokesperson. “These protections will soon be fully deployed, which will shut down this avenue for abuse.”
Google urged users to enable two-factor authentication and passkeys to better protect their accounts in the meantime.
This scam shows how older, less secure products can still be exploited even when a vendor's modern protections are in place. Because the malicious page sat on one of Google's own subdomains and the message passed authentication checks, neither the hostname nor a passing check was evidence that Google had authored the content, which is what makes this campaign hard to detect. A google.com address proves only where a page is hosted, not who wrote it.
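One way a mail team could flag the pattern described above, added here as an illustration and not code from the article, from Google, or from Johnson: parse a raw message, read which domain the receiving server reports as having passed DKIM, and compare the hosts the message links to against a list of Google subdomains where arbitrary users can publish. The host list, the recipient check and both sample messages are constructed for this example; the only host the article itself names is sites.google.com.

```python
"""Triage a raw message for the pattern described above: mail that really is
DKIM-signed by a Google domain but links to a Google subdomain where anyone
can host content.  Added example; host list and samples are constructed."""
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Google subdomains on which ordinary users can publish their own pages.
# sites.google.com is the host named in the article; the other two are
# assumed additions a defender might choose to include.
GOOGLE_USER_CONTENT_HOSTS = {"sites.google.com", "docs.google.com", "drive.google.com"}

# href="..." targets in an HTML body, and dkim=pass ... header.d=<domain>
# as written into Authentication-Results by the receiving server.
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
DKIM_PASS_RE = re.compile(r'dkim=pass\b[^;]*?\bheader\.d=([A-Za-z0-9.-]+)', re.IGNORECASE)


def dkim_pass_domains(msg):
    """Signing domains the receiving MTA reported as dkim=pass."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        domains.update(d.lower() for d in DKIM_PASS_RE.findall(str(value)))
    return domains


def extract_links(msg):
    """All href targets in the text/html parts of the message."""
    links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.extend(HREF_RE.findall(part.get_content()))
    return links


def is_google_domain(domain):
    return domain == "google.com" or domain.endswith(".google.com")


def triage(raw_message, mailbox_owner=None):
    """Return the DKIM signers, the links and a list of findings for one message.

    A Google-signed message is not flagged for being Google-signed; it is
    flagged when its links lead to user-publishable Google hosts, which a
    real account alert has no reason to do.  If the mailbox owner's address
    is given, a To: header that omits it is also reported, since a genuine
    alert is addressed to the account holder (assumed heuristic, not a rule
    taken from the article)."""
    msg = message_from_string(raw_message, policy=policy.default)
    signers = dkim_pass_domains(msg)
    links = extract_links(msg)
    findings = []

    google_signed = any(is_google_domain(d) for d in signers)
    user_hosted = [u for u in links
                   if (urlparse(u).hostname or "").lower() in GOOGLE_USER_CONTENT_HOSTS]
    if google_signed and user_hosted:
        findings.append("google-signed mail links to user-hosted Google content")

    if mailbox_owner is not None:
        to_header = msg["To"]
        to_addrs = {a.addr_spec.lower() for a in to_header.addresses} if to_header else set()
        if mailbox_owner.lower() not in to_addrs:
            findings.append("mailbox owner not in To: header (possible forward)")

    return {"dkim_signers": sorted(signers), "links": links, "findings": findings}


# Constructed sample: a Google-signed alert whose link is a Google Sites page.
SAMPLE_SUSPECT = """\
Authentication-Results: mx.example.net; dkim=pass header.i=@accounts.google.com header.d=accounts.google.com; spf=pass smtp.mailfrom=relay.example
From: Google <no-reply@accounts.google.com>
To: me@attacker-controlled.example
Subject: Security alert
Content-Type: text/html; charset=utf-8

<html><body><p>Review your account at
<a href="https://sites.google.com/view/constructed-example/signin">Google Account</a>.</p></body></html>
"""

# Constructed sample: the same alert, addressed to the owner and pointing
# where a genuine account alert would.
SAMPLE_EXPECTED = SAMPLE_SUSPECT.replace(
    "https://sites.google.com/view/constructed-example/signin",
    "https://myaccount.google.com/notifications",
).replace("To: me@attacker-controlled.example", "To: victim@example.com")

if __name__ == "__main__":
    for label, raw in (("suspect", SAMPLE_SUSPECT), ("expected", SAMPLE_EXPECTED)):
        print(label, triage(raw, mailbox_owner="victim@example.com"))
```

The check deliberately does not distrust Google-signed mail as such; it distrusts the combination of a Google signature with a link into space that anyone can fill, which is the part of this campaign a hostname glance misses.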
Published: 21 Apr 2025, 11:40 am IST

