The lead developer of ENS exposes a vulnerability that allows phishers to mimic Google's official alerts
PANews reported on April 17 that, according to Bitcoin.com, Nick Johnson, the chief developer of ENS, disclosed a sophisticated phishing attack that exploited vulnerabilities in Google's systems, in particular a recently fixed OAuth vulnerability. According to Johnson, the attackers first sent a fraudulent email that appeared to come from Google's legal department and falsely claimed that the recipient's account was involved in a subpoena investigation. The emails carried a valid DKIM signature and were sent from Google's official no-reply domain, so they easily passed Gmail's spam filtering. Johnson noted that a sites.google.com hyperlink to a fake support portal greatly enhanced the scam's credibility.

The fake Google login page exposes two major security vulnerabilities: first, the Google Sites platform allows arbitrary scripts to be executed, which lets criminals build pages that steal credentials; second, the OAuth protocol itself is flawed. Johnson condemned Google's initial view of the vulnerability as "as expected by design" and stressed that the vulnerability posed a serious threat. To make matters worse, the fake portal uses the trusted sites.google.com domain as cover, which greatly lowers users' vigilance. In addition, Google Sites' abuse reporting mechanism is imperfect, which makes it difficult to get illegal pages taken down in a timely manner.

Under public pressure, Google eventually admitted that there was a problem. Johnson then confirmed that Google plans to fix a flaw in the OAuth protocol. Security experts remind users to stay vigilant, to be suspicious of any unexpected legal documents, and to carefully verify the authenticity of a URL before entering their credentials.
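A mail-triage check for the pattern reported above, written as an added example and not code from Johnson, Google or the original report: it flags links to user-authored pages on a trusted domain and reports the DKIM result without letting a pass lower the verdict. The host list, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: hosts on a trusted parent domain that serve pages written by any user.
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
DKIM_RE = re.compile(r"dkim=pass\b[^;]*?header\.[di]=@?([\w.-]+)", re.I)

def dkim_pass_domains(msg):
    """Domains with dkim=pass in Authentication-Results (trust only your own MTA's header)."""
    return sorted({d.lower() for h in msg.get_all("Authentication-Results", [])
                   for d in DKIM_RE.findall(h)})

def body_links(msg):
    """All http(s) URLs found in the text parts of the message."""
    links = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            links += URL_RE.findall(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return links

def triage(raw_message):
    """Flag user-content links; the DKIM result is reported but never lowers the verdict."""
    msg = message_from_string(raw_message)
    flagged = [u for u in body_links(msg)
               if (urlsplit(u).hostname or "").lower() in USER_CONTENT_HOSTS]
    return {"dkim_pass": dkim_pass_domains(msg), "flagged_links": flagged,
            "verdict": "review" if flagged else "no-finding"}

# Constructed sample message, not taken from the reported campaign.
SAMPLE = (
    "Authentication-Results: mx.example.net; dkim=pass header.i=@google.com header.s=sel1;\n"
    " spf=pass smtp.mailfrom=example.org\n"
    "From: no-reply@google.com\n"
    "Subject: Notice of subpoena\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Review the case materials: https://sites.google.com/view/constructed-example\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The sample passes DKIM for google.com and is still marked for review, because the signature says nothing about who wrote the page behind the link.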