Sophisticated Phishing Attack Exploits Google Infrastructure

Posted: 2025-04-16 11:41:42 UTC

@nick.ethnicksdjohnson

#security

#vulnerability

#google

#phishing

#oauth

#securityAlert

Read With Caution

This article contains some claims that remain unverified. While much of the content may be accurate, exercise care when relying on this information.

Full Thread

This article contains some claims that remain unverified. While much of the content may be accurate, exercise care when relying on this information.

Read With Caution

Verification Details

Status

In Progress

VerifiedPartially VerifiedFalse

Last Updated

2025-04-16 11:42:41 UTC

Verified By

Rollup News

TL;DR;

The author describes a sophisticated phishing attack that exploits vulnerabilities in Google's infrastructure, specifically through Google Sites and a clever use of OAuth applications to send valid, signed emails. Google has declined to fix the reported vulnerabilities, considering them 'Working as Intended'.

Key Impact Areas

Phishing attack exploits Google Sites vulnerability

Valid, signed emails used for phishing

Google's refusal to fix the vulnerabilities

OAuth application abuse

Challenges

Google's refusal to acknowledge the security vulnerability

Difficulty in reporting abuse from the Sites interface

Users assuming legitimacy due to the google.com domain

Sophisticated Phishing Attack Exploits Google Infrastructure

Read With Caution

Full Thread

Read With Caution

Verification Details

TL;DR;

Key Impact Areas

Challenges

Claims

Deliberation Map

Similar Rollups