We value your privacy

We use cookies to enhance your browsing experience and analyze traffic anonymously for internal statistical purposes. By clicking “Accept all,” you consent to the use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site.... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

  • Cookie
    cookieyes-consent
  • Duration
    1 year
  • Description

    CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about site visitors.

  • Cookie
    _GRECAPTCHA
  • Duration
    180 days
  • Description
    This cookie is used by the Google reCAPTCHA service to protect the site from spam and abuse, distinguishing between real users and bots. It performs a risk analysis by collecting information on browsing behavior and device details, such as mouse movements, keystrokes, and technical data.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

  • Cookie
    language
  • Duration
    1 anno
  • Description

    This cookie is used to store the user's language preference.

  • Cookie
    post_viewed_
  • Duration
    1 ora
  • Description

    This cookie prevents a single visit to an article from being counted multiple times when the page is refreshed.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

  • Cookie
    _ga_*
  • Duration
    1 anno 1 mese 4 giorni
  • Description

    Google Analytics sets this cookie to count visitors to the page

  • Cookie
    _ga
  • Duration
    1 anno 1 mese 4 giorni
  • Description

    Google Analytics sets this cookie to calculate visitor, session, and campaign data and track site usage for site analytic reporting. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

News Flash

Google is emailing you? Watch out, it could be a hacker attack

A sophisticated phishing scam exploits a real vulnerability to steal your data. Here’s how it works and how to stay safe.

Google on desktop

12 May 2025

Table of contents

  • A phishing attack that speaks Google’s language
  • The core of the scam: DKIM replay and fake Google domains
  • Not just Google: the scam is spreading across platforms
  • How to protect yourself from this new scam
  • Security begins with awareness

A phishing attack that speaks Google’s language

A new cyber security threat is targeting unsuspecting users by exploiting a vulnerability in Google’s OAuth system, the protocol that lets users authorize third-party apps to access their data without sharing their password.

The danger? Seemingly legitimate emails, generated by malicious applications, manage to bypass standard security checks and trick users into giving access to personal information. The deception is so well crafted that even email systems recognize it as an authentic message.

The core of the scam: DKIM replay and fake Google domains

Hackers use a clever trick. They register a domain, create a fake OAuth app, and convince Google to generate a real security notification that’s sent to the victim from what appears to be no-reply@google.com.

Using a technique called DKIM replay, which manipulates email authentication protocols, the message appears digitally signed and trustworthy, slipping through phishing filters.

Meanwhile, fake phishing websites, hosted on domains that mimic Google’s, are near-perfect replicas of the real thing, fooling users into submitting login credentials.

Not just Google: the scam is spreading across platforms

This cyber threat isn’t limited to Google. Similar campaigns have been identified on PayPal and other platforms that use OAuth protocols.

The approach remains the same: a fake app gains permission to send alerts or access accounts, then redirects users to cloned websites to collect sensitive data.

How to protect yourself from this new scam

Until Google implements a structural fix, user awareness is the first line of defense. Here are the essential safety steps:

  • Check your authorized apps regularly in your Google Account settings and revoke any suspicious ones.
  • Don’t automatically trust emails that appear to be from Google, especially those making urgent requests.
  • Hover over links before clicking, legitimate messages won’t send you to unfamiliar domains.
  • If in doubt, search the message contents online, if it’s a scam, others likely reported it.

Security begins with awareness

This new wave of sophisticated attacks exploits the trust users place in well-known digital platforms. But no system is bulletproof, and cybercriminals are always looking for ways to break in.

Stay alert, verify everything, and remember: if something feels off, it probably is.

5
To top