Phishing Scam Exploits Gmail Infrastructure Vulnerabilities

A new, highly sophisticated phishing scam is targeting Gmail users, with attackers sending emails from what appear to be legitimate no-reply Google addresses and exploiting vulnerabilities in Google's infrastructure. These phishing attempts often mimic legal notifications and direct users to convincing fake Google support portals, making them difficult to detect. Security experts such as Nick Johnson from Ethereum Name Service have warned about the increasing complexity of these attacks. Google has confirmed the threat and urges users to enable passkeys and device-based two-factor authentication, avoid SMS-based 2FA, and never respond to unsolicited requests for credentials. Users are also encouraged to report phishing attempts to the FTC or Anti-Phishing Working Group. The rise of AI-driven techniques further underscores the need for immediate and robust security measures.