Binance Users Beware: Phishing Attack Exploits Google’s Own Infrastructure

According to BlockBeats, SlowMist founder Yu Jian revealed on social media that the ENS chief developer was recently targeted in a phishing attack exploiting a vulnerability within Google's infrastructure. The phishing group deceived users by sending emails disguised as official Google communications, tricking them into believing they were under law enforcement scrutiny. Despite Google's efforts to counteract these attacks, the group launched a new wave of phishing attempts, continuing to lure users to subdomains under "google.com" to extract account passwords and immediately add Passkeys.

Previously, on April 16, ENS chief developer nick.eth reported a highly sophisticated phishing attack that leveraged a flaw in Google's infrastructure, which Google has refused to fix. He noted that the phishing emails appeared very authentic, passing DKIM signature verification and being displayed normally in Gmail, alongside other legitimate security warnings. The attackers exploited Google's "Sites" service to create a convincing "support portal" page, leading users to mistakenly trust the domain containing "google.com" as secure. Users are advised to remain vigilant.