Sunday, December 14, 2025
Leo Cruz

New Phishing Scam Uses Google Sites to Target Your Crypto and Email

The phishing scammers targeting crypto users are getting sneakier, and now they’re using Google’s own infrastructure to launch extremely convincing attacks.


On April 16, Nick Johnson, the man behind Ethereum Name Service, sounded the alarm on a dangerous new tactic that puts crypto users at serious risk. It starts with an email that for all the world looks like an official security alert from Google. The wild part? These emails are actually signed with valid DKIM signatures, so they slide right past spam filters and into your inbox looking totally legit.

Once opened, the email links directly to a faked-out Google support page hosted on an actual Google subdomain through Google Sites. Everything looks official, from logos and layout to fake contact info for Google Legal Support. Victims are asked to log in and upload sensitive documents that land in the hands of the scammers. That means your Gmail credentials could be exposed, and if your crypto wallets or exchanges are tied to that email, well, you’re in trouble.

Nick Johnson noted that this entire phishing setup is possible through Google Sites, which allows users to embed custom scripts and arbitrary content. That flexibility is great for real users, but scammers are now weaponizing it. Even worse, there’s no direct way to report abuse through Google Sites, so these fake pages stay up longer than they should. Johnson didn’t hold back, saying Google should seriously consider cutting back on these features in order to stop such abuse.

To make things worse, fraudsters even created a custom Google OAuth app just to spread these phishing messages. It helps make the whole thing look polished and “official.” So while Google’s tools were meant to support productivity, they’re now being twisted into scam machines.

Johnson did report this to Google, though, and the response wasn’t great. Google told him that the phishing method didn’t count as a security bug and basically said it was working as intended. That is frustrating for all concerned, given the damage being wrought. These phishing attacks are growing fast, and the crypto space is getting hit the hardest. The numbers don’t lie: according to Scam Sniffer, nearly 6,000 people lost a combined $6.37 million to phishing scams in just March 2025.

And for Q1 overall? Over 22,000 victims and a jaw-dropping $21.94 million gone. Because they use legit tools like Google Sites, these attacks are way harder to detect, and even harder to shut down. So, what can you do? For one, don’t trust any “Google support” emails without verifying the sender. Look at the URLs before you click on anything, and never upload sensitive documents through portals with which you’re unfamiliar, even if the page looks real.

If you’re deep into crypto, consider hardware wallets and separate emails for each platform to reduce the risk. And spread the word. These scams rely on people not knowing what to look for.
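
For anyone who wants to automate the "look at the URLs" advice, here is a small mail-triage sketch. It is an added example, not code from Nick Johnson or Google, and it shows that a DKIM pass does not make a message safe when its link points to a Google Sites page. The host lists and the sample message are constructed assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Assumption: Google host where anyone can publish a page (Google Sites).
USER_CONTENT_HOSTS = {"sites.google.com"}
# Assumption: host that serves the real Google sign-in page.
SIGN_IN_HOSTS = {"accounts.google.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

# Constructed sample message, not a real phishing email.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.i=@example.com
From: Security Alert <no-reply@example.com>
To: user@example.net
Subject: Security alert
Content-Type: text/plain; charset="utf-8"

A legal request was received for your account.
Review the case: https://sites.google.com/view/constructed-case/home
"""

def classify_host(host: str) -> str:
    """Exact host match, so lookalikes that merely contain a Google name fail."""
    host = host.lower().rstrip(".")
    if host in USER_CONTENT_HOSTS:
        return "user_content"
    if host in SIGN_IN_HOSTS:
        return "sign_in"
    return "other"

def triage(raw_message: str) -> dict:
    msg = email.message_from_string(raw_message, policy=policy.default)
    # Collect every Authentication-Results header the receiving server added.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    dkim_pass = bool(re.search(r"\bdkim=pass\b", auth, re.I))
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    links = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        links.append((host, classify_host(host)))
    # A signed message is still suspicious if it sends you to a
    # user-published page instead of the real sign-in host.
    suspicious = any(kind == "user_content" for _, kind in links)
    return {"dkim_pass": dkim_pass, "links": links, "suspicious": suspicious}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
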
