In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials.
"The first thing to note is that this is a valid, signed email – it really was sent from [email protected]," Nick Johnson



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/04/phishers-exploit-google-sites-and-dkim.html