The sender’s email address seems completely legitimate, further complicating the identification of the scam.
With more than 1.8 billion users worldwide, Gmail is a prime target for crooks. Usually, Google does its job well: suspicious messages end up in spam and are never opened. But this time, the scam slipped through the net. A very well-designed email, with all the signs of a real official message, lands in the middle of your inbox. And it can do serious damage.
The message seems to come directly from Google, with the address “no-reply@google.com”, the right fonts and the right logos. It even passes the usually formidable security checks of DKIM (DomainKeys Identified Mail), the system that is supposed to verify that the sender really is who they claim to be. This time, it is bypassed. And that is precisely what is worrying. The email in question explains that a summons to appear has been issued against the recipient. It claims that the police need to access data from their Google account. It contains a link. Clicking it opens the door to hackers. Personal information, sensitive data and files stored in the cloud can be siphoned off in seconds.
The problem comes from a flaw exploited by a group known as “Rockfoils”. Their technique makes it possible to send emails that use Google's domain without the system finding anything to object to. This kind of attack is considered difficult to set up, but when it succeeds, it is formidable. And this time, it worked. “We are aware of this type of targeted attack on the part of the malicious actor Rockfoils and have deployed protections during the last week,” a Google spokesperson told Newsweek. The company says it is actively working to correct the problem. A complete block of this method is being rolled out, but for the moment, caution remains in order.
For those who have received this email, it is best not to open anything or click on anything, and to report it to Google. It is identifiable: it claims that you are the subject of legal proceedings and uses the subject line “Google Legal Notice (Subpoena)”. If it appears in your inbox, delete it without hesitation. And keep an eye on Google's next communications concerning this vulnerability.
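Because this message passes DKIM for google.com, a filter that trusts the authentication result alone will let it through. The following triage sketch is an added example, not code from the article or from Google: it scores authentication and content separately and still flags the subject line reported above. The sample message is constructed, the function names are hypothetical, and it assumes the Authentication-Results header was written by your own receiving server.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Subject line the article reports for this campaign (compared case-insensitively).
LURE_SUBJECT = "google legal notice (subpoena)"

# Constructed sample, not a captured message. The example.net names are
# placeholders; the DKIM pass for google.com mirrors what the article describes.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=google.com
From: Google <no-reply@google.com>
To: user@example.net
Subject: Google Legal Notice (Subpoena)

Constructed body text with a link placeholder.
"""

def dkim_verdicts(msg):
    """Return (result, signing domain) pairs from Authentication-Results headers.
    Assumption: these headers were added by your own receiving server."""
    found = []
    for header in msg.get_all("Authentication-Results", []):
        for part in str(header).split(";"):
            result = re.match(r"\s*dkim=(\w+)", part)
            if result:
                domain = re.search(r"header\.d=([\w.-]+)", part)
                found.append((result.group(1).lower(),
                              domain.group(1).lower() if domain else ""))
    return found

def triage(raw):
    """Score authentication and content separately; a DKIM pass never clears a lure."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    aligned = bool(from_domain) and any(
        res == "pass" and dom == from_domain for res, dom in dkim_verdicts(msg))
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    lure = LURE_SUBJECT in subject
    verdict = "report" if lure else ("no-finding" if aligned else "review")
    return {"from_domain": from_domain, "dkim_aligned_pass": aligned,
            "lure_subject": lure, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```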