The Russian Ministry of Internal Affairs has recorded a new phishing method in which fraudsters disguise their emails as official Google notifications. The attacks exploit a vulnerability that allows original emails to be resent from the authentic address no-reply@google.com with their content replaced.
The emails contain links leading to sites hosted on the sites.google.com domain, which belongs to the Google Sites website builder. Since all projects in this service are hosted under a subdomain of google.com, the recipient may not suspect a fake.
Clicking on these links takes the user to a page that visually copies official Google services. However, any data entered on these pages is sent to the fraudsters.
Experts warn that even emails from a legitimate address may be fake. It is recommended to carefully check the content of messages and not enter personal information on websites, even if they are hosted in the google.com domain, without confidence in their authenticity.
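The check recommended above can be partly automated in a mail filter. The following is an added example, not code from the Ministry or from Google: it flags messages whose sender is at google.com but whose links point to Google Sites pages. The host list, function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hosts under google.com where any user can publish pages (the article names Google Sites).
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def body_text(msg):
    """Join every text/* part (plain and HTML) so links in either are seen."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def review(raw_message):
    """Flag mail that claims a google.com sender but links to user-built pages.

    The sender address is deliberately not treated as proof of authenticity:
    in the reported attacks the mail really comes from no-reply@google.com.
    """
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    links = []
    for url in URL_RE.findall(body_text(msg)):
        host = (urlsplit(url).hostname or "").lower()  # exact host, not substring
        if host in USER_CONTENT_HOSTS and url not in links:
            links.append(url)
    from_google = sender.endswith("@google.com")
    return {"sender": sender, "links": links, "suspicious": from_google and bool(links)}

# Constructed sample messages (not taken from a real campaign).
PHISH = """From: Google <no-reply@google.com>
Subject: Security alert
Content-Type: text/html; charset=utf-8

<p>Review your case: <a href="https://sites.google.com/view/constructed-example/case">open</a></p>
"""
GENUINE = """From: Google <no-reply@google.com>
Subject: Security alert
Content-Type: text/plain; charset=utf-8

Check activity at https://myaccount.google.com/notifications
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("GENUINE", GENUINE)):
        print(name, review(raw))
```

A hit is a reason to quarantine or warn, not a verdict: the rule only encodes the mismatch between an official-looking sender and a user-built landing page.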