Google Phishing Scam Uses Real Tools to Bypass Email Security and Steal Credentials

Stay vigilant against a new and sophisticated Google phishing scam that has been circulating recently. Attackers are sending emails that appear to be from "[email protected]" and include an urgent warning that law enforcement is seeking information from the recipient’s Google Account. According to Bleeping Computer, these phishing attempts leverage Google’s "Sites" web-building app to create convincing, realistic-looking websites and emails designed to pressure victims into surrendering their credentials.

The scam is particularly deceptive because it manages to bypass DomainKeys Identified Mail (DKIM) authentication, a security measure designed to flag fake emails. Normally, DKIM checks the message content and headers to verify the email's authenticity. However, in this case, the scammers used Google’s own tool to craft their fraudulent emails. By entering the full text of the email as the name of their fake app, the scammers ensure that this text is automatically included in an email sent by Google to their chosen address. When the scam email is forwarded to a user’s Gmail inbox, it remains signed and valid because DKIM only authenticates the initial message and its headers. This method has been used before, notably in attacks on PayPal users last month where the same DKIM relay technique was employed.

Instead of directing users to the legitimate Google Accounts page, the phishing emails link to a realistic-looking support portal on sites.google.com. The goal is to trick recipients into believing the page is genuine, making it all the more important to scrutinize the URL before entering any sensitive information.

Ethereum Name Service developer Nick Johnson fell victim to this scam and reported it to Google, noting the misuse of Google OAuth applications as a security vulnerability. Initially, Google dismissed the issue, stating it was "working as intended." However, following further scrutiny and pressure, the company has now acknowledged the problem and is actively working on a fix.

This scam underscores the ongoing challenge of keeping up with increasingly sophisticated phishing techniques. Google’s response, while initially dismissive, highlights the need for continuous vigilance and adaptive security measures. Users should remain cautious and verify any unexpected or urgent emails, especially those directing them to enter personal information on external links. For more on this and other security issues, stay tuned to tech news and updates from Google.
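Because the signature in a relayed message is genuine, a mail filter has to look at what DKIM does not cover. The following added example (not from the article, Bleeping Computer or Google) parses a constructed message and flags two heuristic indicators of a forwarded, validly signed message: an envelope sender domain that differs from the signing domain, and a delivered recipient that is not listed in the signed To or Cc headers. All addresses and domains are placeholders, and the assumption that the forwarding hop changes the envelope sender is ours.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: headers a receiving server might stamp on a replayed message.
# All domains and addresses are placeholders.
SAMPLE = """\
Delivered-To: user@example.org
Authentication-Results: mx.example.org;
 dkim=pass header.d=bigmail.example header.s=sel1;
 spf=pass smtp.mailfrom=fwd@relay.example.net;
 dmarc=pass header.from=bigmail.example
From: Big Mail <no-reply@accounts.bigmail.example>
To: other-mailbox@mail.example
Subject: Security alert

(body omitted)
"""

def org_domain(value):
    # Crude organizational domain (last two labels); production code should use the Public Suffix List.
    host = value.rsplit("@", 1)[-1].lower().strip(".>")
    return ".".join(host.split(".")[-2:])

def auth_results(msg):
    # Map "dkim"/"spf" to (result, organizational domain) from Authentication-Results.
    out = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result, props in re.findall(r"\b(dkim|spf)=(\w+)([^;]*)", header):
            m = re.search(r"(?:header\.d|header\.i|smtp\.mailfrom)=(\S+)", props)
            out[method] = (result, org_domain(m.group(1)) if m else None)
    return out

def replay_indicators(raw):
    msg = message_from_string(raw)
    res = auth_results(msg)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1])
    flags = []
    if res.get("dkim") == ("pass", from_dom):
        # Signature is genuine; check whether the delivery path matches the signer.
        spf_dom = res.get("spf", (None, None))[1]
        if spf_dom and spf_dom != from_dom:
            flags.append("envelope-not-aligned")
        rcpt = parseaddr(msg.get("Delivered-To", ""))[1].lower()
        listed = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
        if rcpt and rcpt not in listed:
            flags.append("recipient-not-in-to")  # also true for Bcc and list mail
    return flags
```

Only an Authentication-Results header stamped by your own receiving server should be trusted as input; both flags are scoring signals rather than verdicts, since legitimate forwarding and mailing lists trigger them too.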
