By Victor Duda
The email came from a valid address registered with a real existing Google Account. In the social network X, he explained that E-Male was sent from [Email Protected]. Such letters are tested by DKIM signatures, and Gmail reflects them without any warnings, and even puts them in the same conversation as other, legitimate security notifications, Nick explained.
DKIM Google's signature usually filters any suspicious e-mail, checking their source, and then placed in a spam folder to guarantee users' protection. However, since this new type of fraud allows hackers to mask by generating Google domain. As a result, the spam verification bot sees that the email is of legal origin. This means that the fake letter appears in a regular mailbox as a real e -mail, and does not get into the spam section, according to the material.
There is a built -in link inside each letter, after clicking on which users fall on the "very convincing" portal page, where they are offered to log in, using their account name and password. If a trusting user enters his data at this stage, fraudsters will instantly access his personal data. Google has confirmed that it will soon release a correction that will stop using its name and e -mail address for attacks on Gmail account owners.
In a statement for Newsweek, a company representative said: "We know about this class of targeted attacks by the Occurrence of Rockfoils and over the past week implemented protection. However, the technological giant has not confirmed when new safety features will be deployed, so users should be kept vigilance, the authors of the material summarize. Earlier, they reported how to protect secret messages on your smartphone.
English
Українська
USA
Français
Deutsch
Italiano
Polski
Čeština
Español
Slovensku
