by Fokamul 69 days ago
I think in this case and all the others.

They're not sending emails directly from their gmail address.

But they are adding victim emails to other Google services and then Google themselves send them invitation emails.

And if you name your service like "Google helpdesk - password reset" or something like that, the invitation email from Google will look very official, but the URL in the email will be controlled by the attacker.

It's a pretty old working technique, used for phishing for years now.

A spam report does nothing, since you're reporting an official Google email.

1 comment

How would it even be possible to name a service "Google helpdesk - password reset" or something like that, without being insta banned? Obvious fraud in the making, not getting recognized?