All Gmail users at risk from clever “law enforcement” replay attack

R H

Source: malwarebytes.com 4/22/25
[ACSOL note: We registrants can be fearful of law enforcement and this scam plays on our fears.]

Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials.

This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service (ENS), a blockchain equivalent of the popular internet naming convention known as the Domain Name System (DNS).

Nick received a very official looking security alert about a subpoena allegedly issued to Google by law enforcement to information contained in Nick’s Google account. A URL in the email pointed Nick to a sites.google.com page that looked like an exact copy of the official Google support portal.

Read the full article

 

Related posts

Subscribe
Notify of

We welcome a lively discussion with all view points - keeping in mind...

 

  1. Submissions must be in English
  2. Your submission will be reviewed by one of our volunteer moderators. Moderating decisions may be subjective.
  3. Please keep the tone of your comment civil and courteous. This is a public forum.
  4. Swear words should be starred out such as f*k and s*t and a**
  5. Please avoid the use of derogatory labels.  Always use person-first language.
  6. Please stay on topic - both in terms of the organization in general and this post in particular.
  7. Please refrain from general political statements in (dis)favor of one of the major parties or their representatives.
  8. Please take personal conversations off this forum.
  9. We will not publish any comments advocating for violent or any illegal action.
  10. We cannot connect participants privately - feel free to leave your contact info here. You may want to create a new / free, readily available email address that are not personally identifiable.
  11. Please refrain from copying and pasting repetitive and lengthy amounts of text.
  12. Please do not post in all Caps.
  13. If you wish to link to a serious and relevant media article, legitimate advocacy group or other pertinent web site / document, please provide the full link. No abbreviated / obfuscated links. Posts that include a URL may take considerably longer to be approved.
  14. We suggest to compose lengthy comments in a desktop text editor and copy and paste them into the comment form
  15. We will not publish any posts containing any names not mentioned in the original article.
  16. Please choose a short user name that does not contain links to other web sites or identify real people.  Do not use your real name.
  17. Please do not solicit funds
  18. No discussions about weapons
  19. If you use any abbreviation such as Failure To Register (FTR), Person Forced to Register (PFR) or any others, the first time you use it in a thread, please expand it for new people to better understand.
  20. All commenters are required to provide a real email address where we can contact them.  It will not be displayed on the site.
  21. Please send any input regarding moderation or other website issues via email to moderator [at] all4consolaws [dot] org
  22. We no longer post articles about arrests or accusations, only selected convictions. If your comment contains a link to an arrest or accusation article we will not approve your comment.
  23. If addressing another commenter, please address them by exactly their full display name, do not modify or abbreviate their name. 
ACSOL, including but not limited to its board members and agents, does not provide legal advice on this website.  In addition, ACSOL warns that those who provide comments on this website may or may not be legal professionals on whose advice one can reasonably rely.  
 

4 Comments
Inline Feedbacks
View all comments

It baffles me how people still fall for this stuff.

The basic rule that law enforcement will never contact you for a warrant by any other means than IN PERSON. End of story.

Phone, mail and email are all scams.

0
Reply

As with those scam calls, no LE is going to prewarn you about such things. If LE was after your info and did in fact have a court warrant that was issued to Google, you definitely wouldn’t be notified of this.

1
Reply

Wonder if law enforcement has ever used this trick?

0
Reply

I do wish those emails saying I won 5 million were real, i’d donate to advocacy groups.

0
Reply