
The Queen of Emails Has Fallen – If Even Google Falls for Phishing, What Does That Say About Us?
Tags: Cybersecurity, Phishing, Vulnerabilities, Email Security
The post describes a security breach at Google in which attackers exploited a vulnerability in the DKIM protocol to send phishing emails that looked entirely legitimate. They registered a Google account under a newly created domain, built an OAuth application whose name contained the phishing message, and then granted that application permissions on the account, which caused Google to send a genuine, DKIM-signed alert email carrying the application's name. They then forwarded that real alert through third-party services such as Outlook and PrivateEmail while keeping the original signature intact. Because the signature still verified, the message passed every check, including DMARC, DKIM, and SPF, exactly as if Google itself had sent it.
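The combination the post describes, a valid DKIM signature aligned with the From domain but an envelope sender from somewhere else, is what a receiving mail system can look for. The following is an added example (not code from the post or from Google) of a triage check in Python over constructed, hypothetical headers; it flags the mismatch and lists the Received hops so an analyst can see the relay the message travelled through.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (hypothetical hosts and addresses, not taken from
# the original post): a DKIM-signed Google alert that reached us through a
# third-party relay, so DKIM/DMARC pass while the envelope sender is foreign.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=accounts.google.com header.s=20230601;
 spf=pass smtp.mailfrom=relay.forwarder.example;
 dmarc=pass header.from=accounts.google.com
Received: from mail.forwarder.example (mail.forwarder.example [192.0.2.10])
 by mx.example.net with ESMTPS; Mon, 1 Jan 2024 10:00:00 +0000
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com [198.51.100.7])
 by mail.forwarder.example with ESMTPS; Mon, 1 Jan 2024 09:59:00 +0000
From: Google <no-reply@accounts.google.com>
To: victim@example.net
Subject: Security alert

(body)
"""

def org_domain(domain):
    """Crude organizational domain: the last two labels (enough for this check)."""
    return ".".join(domain.lower().split(".")[-2:]) if domain else None

def auth_results(raw):
    """Pull the DKIM and SPF verdicts out of the Authentication-Results header."""
    ar = message_from_string(raw).get("Authentication-Results", "")
    def grab(pattern):
        m = re.search(pattern, ar)
        return m.group(1).lower() if m else None
    return {"dkim": grab(r"\bdkim=(\w+)"), "dkim_d": grab(r"header\.d=([\w.-]+)"),
            "spf": grab(r"\bspf=(\w+)"), "mailfrom": grab(r"smtp\.mailfrom=([\w.-]+)")}

def received_hosts(raw):
    """Hostnames in the Received chain, newest hop first."""
    hops = message_from_string(raw).get_all("Received", [])
    matches = [re.match(r"from\s+(\S+)", h) for h in hops]
    return [m.group(1) for m in matches if m]

def replay_risk(raw):
    """True when DKIM is aligned with From but the envelope sender is not.

    That is the shape of a replayed, DKIM-signed message; it also matches
    ordinary forwarding, so treat it as a review flag rather than a verdict.
    """
    res = auth_results(raw)
    from_addr = parseaddr(message_from_string(raw).get("From", ""))[1]
    from_dom = org_domain(from_addr.rpartition("@")[2])
    dkim_aligned = res["dkim"] == "pass" and org_domain(res["dkim_d"]) == from_dom
    envelope_aligned = org_domain(res["mailfrom"]) == from_dom
    return dkim_aligned and not envelope_aligned
```

A flagged message still needs a human or a second signal (for example, a mismatch between the SPF-authenticated domain and the signing domain on mail that your users do not normally have forwarded) before it is quarantined.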