Tech expert warns of extremely sophisticated new Gmail scam claiming to be from law enforcement

It’s a digital wolf in sheep’s clothing.Phishing messages are becoming nearly indistinguishable from the real deal.Now, techsperts are warning of a super “sophisticated” Google spoofing scheme in which cybercriminals use legitimate-looking Gmail communications to hijack user accounts.Nick Johnson, the lead developer of Ethereum Name Service (ENS), brought this digital Trojan Horse to light in a series of X posts.

“Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here,” he wrote while describing the chameleonic scheme.“It exploits a vulnerability in Google’s infrastructure, and given their refusal to fix it, we’re likely to see it a lot more.”In this case, the phishing scam was disguised as an official request by law enforcement.“This notice is to alert you that a subpoena was issued to Google LLC by a law enforcement that seeks retrieval of information contained in your Google account,” it read, per a screenshot of the message.

“To examine the case materials or take measures to submit a protest, please do so in the provided Google Support Case.”Upon clicking on “upload additional documents” or “view case,” the user is taken to a sign-in page to input their credentials, whereupon bad actors will presumably use them to commander their account.“I haven’t gone further to check,” Johnson noted.The correspondence was particularly insidious as it linked to a very convincing ‘support portal’ page.The cyberspoofers also used Google Sites — a free web-based platform for creating websites without needing coding skills — “because they know people will see the domain is http://google.com and assume it’s legit,” said Johnson.To make things more confusing, the email originated from an official no-reply on Google’s domain and was filed “in the same conversation as other, legitimate security alerts,” the tech whiz warned.How did the hackers manage to fly under the radar? ...