【慢雾余弦:钓鱼团伙借助Google子域名实施新一轮钓鱼攻击,诱导用户泄露账户密码】金色财经报道,慢雾创始人余弦在社交媒体上发文表示,此前 ENS 首席开发者遭钓鱼攻击,该攻击利用了谷歌基础设施中的一个漏洞。该钓鱼团伙通过伪装 Google 官方的钓鱼邮件,欺骗用户被执法盯上。虽然 Goolge 进行对抗升级。但是今日该钓鱼团伙实施新一轮钓鱼攻击,且会继续引诱用户到“google.com”子域名下,诱导用户泄露账户密码,并立即添加 Passkey。BlockBeats 此前报道,4 月 16 日,ENS 首席开发者 nick.eth 发文称,其遭遇了一次极其复杂的网络钓鱼攻击,该攻击利用了谷歌基础设施中的一个漏洞,但谷歌拒绝修复该漏洞。他表明,攻击邮件看起非常真实,能够通过 DKIM 签名验证,并被 GMail 正常显示,且与其他合法的安全警告放在同一对话中。攻击者利用了谷歌的“站点”服务,创建了一个令人信任的“支持门户”页面,因为用户会看到域名中包含“google.com”而误以为是安全的,用户需保持谨慎。
Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.