ENS Chief Developer Reveals Vulnerability Allowing Phishers to Imitate Google Official Alert

PANews | Apr 17, 2025 00:26
According to Bitcoin.com, ENS chief developer Nick Johnson has revealed a sophisticated phishing attack that exploits vulnerabilities in Google's system, in particular the recently fixed OAuth vulnerability. As Johnson describes it, the attacker first sent a fraudulent email that appeared to come from Google's legal department, falsely claiming that the recipient's account was involved in a subpoena investigation. These emails carry genuine DKIM digital signatures and are sent from Google's official no-reply domain, which lets them easily pass Gmail's spam filtering. Johnson pointed out that the scam owes much of its credibility to the link it carries, which leads to a fake support portal hosted on sites.google.com. This forged Google login page exposes two major security weaknesses: first, the Google Sites platform allows arbitrary scripts to run, letting criminals build pages that steal credentials; second, the OAuth protocol itself has flaws. Johnson condemned Google for initially regarding the vulnerability as "in line with design expectations" and emphasized that it posed a serious threat. Worse still, the fake portal hides behind the trusted sites.google.com domain, greatly lowering users' vigilance. In addition, the abuse-reporting mechanism of Google Sites is imperfect, making it hard to get illegitimate pages taken down promptly. Under public pressure, Google eventually admitted the problem. Johnson subsequently confirmed that Google plans to fix the flaws in the OAuth protocol. Security experts remind users to remain vigilant, to be skeptical of any unexpected legal documents, and to carefully verify a website's authenticity before entering credentials.
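The red flag in Johnson's account, a DKIM-authenticated message from Google's own domain whose link leads to a page on the user-publishable sites.google.com host, can be checked mechanically at a mail gateway. The Python below is an added example, not code from the page or from Johnson; the sample message, its addresses and the link path are constructed, and the `Authentication-Results` header is assumed to have been written by the receiving mail server.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Hosts under a trusted brand's domain that publish content written by
# arbitrary users. A link to one of these is not evidence that the brand
# operates the page, even when the email itself is authentically signed.
USER_CONTENT_HOSTS = {"sites.google.com"}

# Constructed sample modelled on the page's description; not the real message.
SAMPLE = b"""From: Google Legal <no-reply@google.com>
To: victim@example.com
Subject: Notice of subpoena
Authentication-Results: mx.example.com; dkim=pass header.d=google.com
Content-Type: text/plain; charset=utf-8

A subpoena has been issued for your account. Review the case here:
https://sites.google.com/view/constructed-support-portal
"""

def analyze_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and flag brand mail whose links point
    at user-published content hosted under the brand's own domain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # DKIM verdict as recorded by the receiving MTA (RFC 8601 header).
    auth_results = str(msg.get("Authentication-Results", ""))
    dkim_pass = re.search(r"\bdkim=pass\b", auth_results) is not None
    # Domain the message claims to come from.
    from_addr = str(msg.get("From", ""))
    sender_domain = from_addr.rsplit("@", 1)[-1].strip("> ").lower()
    # Collect link hostnames from the preferred body part.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    hosts = set()
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    flagged = sorted(h for h in hosts
                     if h in USER_CONTENT_HOSTS and h.endswith("." + sender_domain))
    return {
        "dkim_pass": dkim_pass,
        "sender_domain": sender_domain,
        "user_content_links": flagged,
        # A passing DKIM signature vouches for the sender, not for the page
        # behind the link, so this combination is a phishing candidate.
        "suspicious": bool(flagged),
    }
```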