Google Spoofed DKIM Relay Attack
Clever buggers
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins
Phishers abuse Google OAuth to spoof Google in DKIM replay attack
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins.
Ionut Ilascu
More details here
Google Spoofed Via DKIM Replay Attack: A Technical Breakdown
Learn how a convincing Google spoof used a DKIM replay attack to bypass email security and trick users with a fake subpoena. A real-world phishing example you need to see.
Gerasim Hovhannisyan
#enoughsaid