Attackers are sending phishing emails that look like they are from Google.
The scam uses Google’s own “Sites” web-building application to create believable phishing websites and emails that aim to scare victims into giving up their login details.
The messages circumvent Google’s DomainKeys Identified Mail (DKIM) authentication, because the messages are sent from Google’s own tool.
PayPal users were targeted in a similar way last month using the DKIM relay attack.
The scam links to a real-looking support site rather than a legitimate account page, hoping the recipient won’t notice it’s a fake.
Ethereum Name Service developer Nick Johnson reported the issue to Google, which initially said the flaw was “working as intended” but has now promised a fix.
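The point for defenders is that a DKIM pass on a Google-signed message says nothing about where its links lead. The following triage check is an added example (not from the article or from Google) that parses a constructed alert email, records whether DKIM passed for google.com, and flags it when the only Google links go to a user-publishable host rather than an account page; the host lists are assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumption: hosts where any Google user can publish content (Google Sites).
USER_CONTENT_HOSTS = {"sites.google.com"}
# Assumption: hosts a genuine Google account/security notice would link to.
LEGIT_ACCOUNT_HOSTS = {"accounts.google.com", "myaccount.google.com"}

def dkim_passed(msg, domain="google.com"):
    """True if an Authentication-Results header records dkim=pass for `domain`."""
    pattern = rf"dkim=pass(?:\s|;|$).*?header\.[di]=@?{re.escape(domain)}(?![\w-])"
    return any(re.search(pattern, hdr) for hdr in msg.get_all("Authentication-Results", []))

def link_hosts(msg):
    """Hostnames of every http(s) URL in the preferred (html, else plain) body."""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    urls = re.findall(r"https?://[^\s\"'<>]+", text)
    return {urlparse(u).hostname or "" for u in urls}

def triage(raw):
    """Summarise the signals a mail filter would combine: DKIM result vs. link targets."""
    msg = email.message_from_string(raw, policy=policy.default)
    hosts = link_hosts(msg)
    # Authenticated Google mail that sends the reader to user-generated content,
    # with no link to a real account page, matches the pattern described above.
    suspicious = bool(hosts & USER_CONTENT_HOSTS) and not (hosts & LEGIT_ACCOUNT_HOSTS)
    return {"dkim_pass": dkim_passed(msg), "hosts": sorted(hosts), "suspicious": suspicious}

# Constructed sample: a security-alert lookalike that authenticates but links to a Sites page.
SAMPLE = """\
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert
Authentication-Results: mx.example.com; dkim=pass header.i=@google.com header.s=20230601; spf=pass
Content-Type: text/html; charset="utf-8"

<p>Your account is under review.</p>
<a href="https://sites.google.com/view/support-review">Review case</a>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```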