Lead developer of ENS & Ethereum Foundation alum. Certified rat tickler. he/him.
Apr 16 • 20 tweets • 7 min read
Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got:
The first thing to note is that this is a valid, signed email - it really was sent from no-reply@google.com. It passes the DKIM signature check, and Gmail displays it without any warnings - it even puts it in the same conversation as other, legitimate security alerts.