In what has been described as an « extremely sophisticated phishing attack, » threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google’s infrastructure and redirect message recipients to fraudulent sites that harvest their credentials.
« The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com, » Nick Johnson
