The Alarming Rise of Google-Abused Phishing Scams in the Crypto Realm

Phishing scams targeting cryptocurrency users have reached a new level of sophistication. Cybercriminals are abusing Google’s infrastructure to launch highly convincing attacks, posing significant risks to Gmail users and their associated crypto wallets.

Exploiting Google’s Ecosystem

Nick Johnson, the founder and lead developer of Ethereum Name Service (ENS), recently shed light on a concerning trend where attackers manipulate Google’s services to their advantage. These cybercriminals have discovered a loophole within Google’s ecosystem that allows them to send phishing emails disguised as legitimate security alerts from Google itself.

The deceptive emails carry valid DomainKeys Identified Mail (DKIM) signatures, which help them bypass spam filters and appear trustworthy to unsuspecting recipients. The emails direct users to a counterfeit support portal hosted on a Google subdomain. This fake page deceives victims into logging in and uploading sensitive documents, compromising their personal information and potentially their crypto assets.

In turn, the attackers gain access to sensitive data, continuing the cycle of exploitation.
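
A defender-side triage check for the pattern described above, as an added example that is not from Johnson's report or from Google: it flags a message whose `Authentication-Results` header reports a passing DKIM signature for google.com while the body links to a Google Sites page. The `sites.google.com` hostname, the header layout and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: Google Sites pages are served from sites.google.com, so that
# hostname carries user-built content even though it is a Google subdomain.
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Matches "dkim=pass ... header.d=example.com" or "header.i=@example.com".
DKIM_PASS_RE = re.compile(
    r"\bdkim=pass\b[^;]*?\bheader\.[di]=(?:[^\s;@]*@)?([\w.-]+)", re.I)

def dkim_pass_domains(msg):
    """Domains whose DKIM signature the receiving server reported as passing."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        found.update(d.lower().rstrip(".") for d in DKIM_PASS_RE.findall(value))
    return found

def body_text(msg):
    """Concatenate every text/* part, decoded with its declared charset."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def assess(raw_message):
    """Flag mail that authenticates as Google yet links to user-built pages."""
    msg = message_from_string(raw_message)
    signed_google = any(d == "google.com" or d.endswith(".google.com")
                        for d in dkim_pass_domains(msg))
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body_text(msg))}
    risky = sorted(hosts & USER_CONTENT_HOSTS)
    return {"dkim_pass_google": signed_google,
            "user_content_links": risky,
            "suspicious": signed_google and bool(risky)}

# Constructed sample message (not taken from the incident).
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@google.com header.s=selector1
From: Google <no-reply@google.com>
To: user@example.com
Subject: Security alert
Content-Type: text/plain; charset="utf-8"

Review your case: https://sites.google.com/view/constructed-page/support
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A passing DKIM result only confirms which domain signed the message; the check treats the link destination as a separate signal for that reason.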

The Role of Google Sites

The phishing sites are constructed using Google’s Sites platform, which permits custom scripts and embedded content. This feature is a boon for legitimate users, but it also gives malicious actors a potent tool for creating authentic-looking phishing portals. Johnson also highlighted a significant oversight in the Google Sites interface: there is currently no direct method to report abuse, which allows these phishing operations to persist undetected.

The platform thus becomes an unwitting ally for cybercriminals. Johnson expressed his concerns, stating, “Google long ago realised that hosting public, user-specified content on google.com is a bad idea, but Google Sites has stuck around. IMO they need to disable scripts and arbitrary embeds in Sites; this is too powerful a phishing vector.”

Therefore, it’s critical to address this issue before the situation worsens. In the long run, leaving it unresolved could lead to even more severe security risks.

Google’s Stance on the Issue

Upon discovering this vulnerability, Johnson reported it to Google. Google reportedly closed the bug report, stating that the features were ‘Working as Intended’, and did not recognize it as a security bug. This response has raised eyebrows in the cybersecurity community, prompting calls for Google to reconsider its stance and implement stricter controls on script and embedding functionalities on its platforms.

The Growing Threat

This incident underscores the increasing complexity of phishing campaigns within the cryptocurrency space. According to data from Scam Sniffer, nearly 6,000 users lost approximately $6.37 million to phishing scams in March 2025 alone. To put it into perspective, in the first quarter of the year, the total losses amounted to a staggering $21.94 million across 22,654 victims.

The sophistication of these scams, combined with the use of reputable platforms like Google, presents a formidable challenge in the fight against cybercrime. As these threats evolve, so must the vigilance and preparedness of both individuals and platforms involved. This highlights the urgent need for better preventative measures as the arms race between cybercriminals and defenders continues to intensify.

For those involved in the crypto space, understanding the mechanics of these scams is crucial. To learn more about safeguarding your digital assets and personal information, explore our insights on crypto talent and security or delve into our comprehensive guide on navigating the new era of cryptocurrency.

The digital landscape is growing rapidly, so staying informed and cautious gives you the best defence against the sophisticated tactics modern cybercriminals use.
