
Attackers exploit Google’s official domain to distribute phishing emails

Researchers at Check Point have uncovered a dangerous phishing campaign in which attackers managed to send malicious emails using Google’s official @google.com domain. By doing so, the perpetrators successfully bypassed many standard email security filters that rely on domain reputation.

The attackers exploited Google Cloud’s Send Email functionality: a legitimate service that allows customer applications to send email notifications to arbitrary recipients. The feature is commonly used for system alerts, automated reports, and service notifications, for example, by IT teams. As stated in Google’s documentation, users can “send emails to one or more recipients with a custom subject and message body.” However, cybercriminals found a way to abuse this mechanism to generate phishing emails that appeared to originate directly from Google’s infrastructure.

The messages closely replicated the visual style and formatting of genuine Google notifications, including familiar layouts, branding, and tone. Typical lures included voicemail alerts, file access notifications, and other routine corporate messages. The embedded links initially pointed to the googleusercontent.com domain, but from there, victims were redirected through a chain of URLs to a malicious website designed to mimic Microsoft’s login page. All credentials entered on this page were immediately harvested by the attackers.

According to Cybernews, over the past two weeks alone, the abusers delivered 9,394 phishing emails to approximately 3,200 recipients. All messages were sent from the legitimate address noreply-application-integration@google.com, significantly increasing their credibility and success rate. Google has since confirmed that countermeasures have been implemented and emphasized that the incident did not involve a compromise of its core infrastructure. Instead, the company described the attack as an abuse of workflow automation tools intended for legitimate use. However, it must be noted that even the apparent legitimacy of the sender’s domain can no longer guarantee email security.
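Because these messages were sent from Google's own address, a sender-domain check alone passes them. The triage sketch below is an added example, not code from Check Point or Google: it combines the two indicators reported above (the sender address and a first-hop link on googleusercontent.com) and holds a message only when both are present. The function names, the decision rule and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators below come from the article; combining them into a rule is an assumption.
ABUSED_SENDER = "noreply-application-integration@google.com"
FIRST_HOP = "googleusercontent.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def link_hosts(msg):
    """Return lowercase hostnames of every http(s) link in the text parts."""
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname
            if host:
                hosts.append(host.lower())
    return hosts

def triage(raw):
    """Flag mail that matches both signals the article reports for this campaign."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    hops = [h for h in link_hosts(msg)
            if h == FIRST_HOP or h.endswith("." + FIRST_HOP)]
    reasons = []
    if sender == ABUSED_SENDER:
        reasons.append("sender: " + sender)
    if hops:
        reasons.append("first-hop link host: " + hops[0])
    # Either signal alone is common in benign mail; hold only when both coincide.
    return {"hold_for_review": len(reasons) == 2, "reasons": reasons}

# Constructed sample messages, not real campaign mail.
SUSPECT = ("From: Google <noreply-application-integration@google.com>\n"
           "Subject: New voicemail\n\n"
           "Listen: https://files.example.googleusercontent.com/vm/1\n")
BENIGN = ("From: Google <no-reply@accounts.google.com>\n"
          "Subject: Security alert\n\n"
          "Review: https://myaccount.google.com/notifications\n")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(raw))
```

A held message still needs a human or sandbox to follow the redirect chain, since the final credential page is not visible in the mail itself.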
