Gmail users at risk of sophisticated phishing attack and even seasoned techies are falling for the scam

Hackers are turning inboxes into danger zones.Google has issued an urgent warning to its 3 billion Gmail users after confirming a “sophisticated” phishing scam targeting unsuspecting emailers — and the cyber crooks are so sneaky, even seasoned techies are falling for it.Developer Nick Johnson sounded the alarm on social media — after nearly getting duped by a con so slick it used Google’s own infrastructure to look legit.“Recently I was targeted by an extremely sophisticated phishing attack,” Johnson posted on April 16. “It exploits a vulnerability in Google’s infrastructure, and given their refusal to fix it, we’re likely to see it a lot more.”The trap came disguised as an official-looking email claiming he’d been hit with a subpoena tied to his Google account. It even came from what appeared to be a real Google address.“The only hint it’s a phish is that it’s hosted on sites.google.com instead of accounts.google.com,” Johnson noted in the X thread.Clicking the link led to a bogus “support portal” with dead-on duplicates of real Google login pages — designed to trick users into handing over their credentials.“From there, presumably, they harvest your login credentials and use them to compromise your account,” Johnson warned. “It even puts it in the same conversation as other, legitimate security alerts.”Worse yet, the shady email passed Google’s DKIM (DomainKeys Identified Mail) check, meaning Gmail treated it like just another ho-hum message.In a recent statement to The Daily Mail, a Google spokesperson said, “We’re aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse.In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”Google says it’s already blocked the loophole that enabled the scam — and has rolled out fresh advice t...