
🔵ENS Lead Developer Reveals Vulnerability Allowing Phishers to Mimic Official Google Alerts

According to a report by DeThings on April 17th, Nick Johnson, the lead developer of ENS, has revealed a sophisticated phishing attack that exploits vulnerabilities in Google's systems, particularly a recently patched OAuth vulnerability. According to Johnson, attackers are sending fraudulent emails that appear to be from Google's legal department, falsely claiming that the recipient's account is involved in a subpoena investigation. These emails have genuine DKIM digital signatures and are sent from Google's official no-reply domain, allowing them to easily bypass Gmail's spam filters. Johnson points out that the credibility of the scam is greatly increased by a hyperlink to a fake support portal at . This fake Google login page exposes two major security vulnerabilities: first, the Google Sites platform allows arbitrary script execution, enabling criminals to create credential-stealing pages; and second, the OAuth protocol itself has flaws.

Johnson criticized Google for initially considering the vulnerability "working as intended" and emphasized that it poses a serious threat. To make matters worse, the fake portal uses the trusted domain as cover, greatly reducing user vigilance. In addition, Google Sites' abuse reporting mechanism is inadequate, making it difficult to shut down illegal pages in a timely manner. Under public pressure, Google finally acknowledged the problem. Johnson later confirmed that Google plans to fix the flaws in the OAuth protocol. Security experts are reminding users to remain vigilant, to be skeptical of any unexpected legal documents, and to carefully verify the authenticity of URLs before entering credentials.
