Hunt Talk Radio - Look for it on your favorite Podcast platform

Warning Users Of GMAIL: DKIM Authenticated Emails Are A Hacker Scam.

Sytes

Sytes

Well-known member
Joined
Sep 25, 2009
Messages
15,055
Location
Montana
It appears and IS noted as part of Google and even lists the alert within Google's credible security alerts - HOWEVER, it is a sophisticated phishing scam! Hackers identified a flaw that clears DKIM security measures!

Google is working on a fix though be very wary of any AUTHENTIC Google ALERTS!

More details here:

www.pcmag.com

Watch Out for This Sophisticated Phishing Email That Looks Like It's From Google

Google says it's rolling out a fix but here's what you should do now to protect yourself.
www.pcmag.com www.pcmag.com
 
I can't think of a scenario where you get subpoenaed in a manner outside of certified mail or a live human showing up to your house to notify you in person. That should have been the first clue.
 
texwest44 said:
I can't think of a scenario where you get subpoenaed in a manner outside of certified mail or a live human showing up to your house to notify you in person. That should have been the first clue.
Click to expand...
Subpoena is merely one method to lure people to click their link that gains access to a person's computer and more specifically all Google cloud, photos, texts, contacts, etc.

The ability to stealthily create a phishing scheme that Google, by default, identifies as an authentic security alert is the alarming aspect.
They have gained true google.com capabilities that Google shares to its users as authentic. That is the troubling factor.

Who knows the variation of schemes utilizing authentic security alert Google messages to people. That is the significant factor.
 
Sytes said:
Subpoena is merely one method to lure people to click their link that gains access to a person's computer and more specifically all Google cloud, photos, texts, contacts, etc.

The ability to stealthily create a phishing scheme that Google, by default, identifies as an authentic security alert is the alarming aspect.
They have gained true google.com capabilities that Google shares to its users as authentic. That is the troubling factor.

Who knows the variation of schemes utilizing authentic security alert Google messages to people. That is the significant factor.
Click to expand...

It's still a small group of people who would fall for an email initiated scam, regardless of sophistication. While I may follow links from emails, it is from emails I have initiated and not cold notifications. Certainly something for people to be aware of though.
Most people who get scammed fly past so many red flags that one more level probably won't matter. I'm always amazed how people are convinced to take money out of their account and give to a complete stranger or go buy apple pay cards for what they think is a legitimate debt. Even heard of one lately where someone converted their 401K into gold and gave to a stranger in a mall parking lot and only later thought it might be a scam.
 
I've gotten phone calls stating that "law enforcement" is en-route to my location due to outstanding warrants. I've never been arrested or gotten any tickets, ever.
I just told them OK I'll be here. ;)
 
kodiakisland said:
It's still a small group of people who would fall for an email initiated scam, regardless of sophistication. While I may follow links from emails, it is from emails I have initiated and not cold notifications. Certainly something for people to be aware of though.
Most people who get scammed fly past so many red flags that one more level probably won't matter. I'm always amazed how people are convinced to take money out of their account and give to a complete stranger or go buy apple pay cards for what they think is a legitimate debt. Even heard of one lately where someone converted their 401K into gold and gave to a stranger in a mall parking lot and only later thought it might be a scam.
Click to expand...
Many people would easily click on an authentic google email, such as this. Is it authenitc? I would believe so. Sure we can preach most people avoid clicking on an authentic Google link though reality - IMO, most people would click this "View Statement".
Great on your part if you are one of the well protective, enter your google account from the google website to view. Grats to you. This is by far, one of the most ingenious means to phish.

To actually convice Google that the link is authentic as a Google statement is a serious skilled breach of Google's own security feature.

Hopefully for the many out there that would click an authentic google link, they will reserve themselves and follow your process.

Maybe this is legit, maybe this is not... I believe it is legit though from the recent DKIM Authentication hack - I'm not touching it. I'll access directly through my Google account.

1745432890735.png

noharleyyet said:
Unpaid toll recovery threats are the latest dozen a day fad on my cell...
Click to expand...

I recerived these for about a week after my return from Florida - via rental car with fully paid tool recovery. Hah! Amazing. A lot of scams, that is certain.
 
“Issued by a law enforcement“
Calling that sophisticated is a stretch. 99.9% of these can be exposed simply by reading and understanding proper grammar.
 
Sytes said:
Many people would easily click on an authentic google email, such as this. Is it authenitc? I would believe so. Sure we can preach most people avoid clicking on an authentic Google link though reality - IMO, most people would click this "View Statement".
Great on your part if you are one of the well protective, enter your google account from the google website to view. Grats to you. This is by far, one of the most ingenious means to phish.

To actually convice Google that the link is authentic as a Google statement is a serious skilled breach of Google's own security feature.

Hopefully for the many out there that would click an authentic google link, they will reserve themselves and follow your process.

Maybe this is legit, maybe this is not... I believe it is legit though from the recent DKIM Authentication hack - I'm not touching it. I'll access directly through my Google account.

View attachment 369501



I recerived these for about a week after my return from Florida - via rental car with fully paid tool recovery. Hah! Amazing. A lot of scams, that is certain.
Click to expand...

Low hanging fruit. Multiple red flags, but people are going to give their stuff up regardless of sophistication. Most people would delete the email without even reading it. Much less think they were really being subpoenaed for their goggle records or think they need to give google their log in info for google to release that info.

I've got many emails in my inbox and my junk folder from verified accounts and fake accounts from places I have an account with and places I don't. If I didn't solicit the email, I'm rarely even reading it, much less clicking on a blind link in it. Some folks are just more inclined to get taken than others, which I suppose is why there are so many scams out there.

I do try to make sure my parents know not to give any info to anyone they didn't initiate contact. Don't answer unknown numbers. If it's important they will leave a message. Don't reply to or click on unknown texts or emails. Don't pay bills with Apple Pay cards, etc. They're almost 80, but I think do have an idea of when someone is trying to get info they don't need.
 
Last edited:
You must log in or register to reply here.
MTNTOUGH - Use promo code RANDY for 30 days free

Latest posts

Forum statistics

Threads
115,450
Messages
2,097,422
Members
37,113
Latest member
gatti

Share this page

Back
Top