Thursday, May 15, 2025
Leo Cruz

New Phishing Scam Uses Google Sites to Target Your Crypto and Email

Phishing scammers targeting crypto users are getting sneakier, and now they’re using Google’s own infrastructure to launch extremely convincing attacks.

On April 16, Nick Johnson – the guy behind Ethereum Name Service (ENS) – sounded the alarm on a dangerous new tactic that puts crypto users at serious risk. It starts with an email that looks like an official security alert from Google. The wild part? These emails are actually signed with valid DKIM signatures, so they slide right past spam filters and land in your inbox looking totally legit.

Once you open the email, it sends you to a fake Google support page hosted on a real Google subdomain using Google Sites. Everything about it looks official – logos, layout, even fake contact info for Google Legal Support. Victims are asked to log in and upload sensitive documents, which end up in the hands of the scammers. That means your Gmail credentials could be exposed, and if your crypto wallets or exchanges are tied to that email? You’re in trouble.

Nick Johnson pointed out that this whole phishing setup is made possible through Google Sites, which lets users embed custom scripts and content. That flexibility is great for real users, but scammers are now weaponizing it. Even worse, there’s no direct way to report abuse through Google Sites, so these fake pages stay up longer than they should. Johnson didn’t hold back – he said Google should seriously consider cutting back on these features to stop abuse like this.

To make things worse, the scammers even built a custom Google OAuth app to spread these phishing messages. It helps make the whole thing look polished and “official.” So while Google’s tools were meant to support productivity, they’re now being twisted into scam machines.

Johnson did report this to Google, but the response wasn’t great. Google told him the phishing method didn’t qualify as a security bug and basically said it was working as intended. That’s a frustrating response, especially when you consider how much damage is being done. Phishing attacks like this are growing fast, and the crypto space is getting hit the hardest.

The numbers don’t lie. According to Scam Sniffer, nearly 6,000 people lost a combined $6.37 million to phishing scams in just March 2025. And for Q1 overall? Over 22,000 victims and a jaw-dropping $21.94 million gone. With scammers now using legit tools like Google Sites, these attacks are way harder to detect – and even harder to shut down.

So what can you do? First off, don’t trust any “Google support” emails without verifying the sender. Look at the URLs before clicking anything, and never upload sensitive documents through unfamiliar portals – even if the page looks real. If you’re deep into crypto, consider using hardware wallets and separate emails for each platform to reduce the risk. And spread the word. These scams rely on people not knowing what to look for.
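The "look at the URLs" step can be automated. The Python sketch below is an added example, not code from the article or from Johnson's report: it reports the DKIM result but flags a message on its links alone, since a valid signature is exactly what these emails have. It assumes sites.google.com is the Google Sites host and that your mail server writes an Authentication-Results header; the sample message and function names are constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Assumption: sites.google.com is the Google Sites host. Anyone can publish
# there, so a link to it should not be treated as an official account page.
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: Security <no-reply@example.com>
To: user@example.org
Subject: Security alert
Authentication-Results: mx.example.org; dkim=pass header.d=example.com
Content-Type: text/plain; charset=utf-8

Review your case at https://sites.google.com/view/constructed-example/case
Account settings: https://accounts.google.com/
"""

def dkim_passed(msg):
    """True if the receiving server recorded dkim=pass for this message."""
    results = msg.get_all("Authentication-Results", [])
    return any(re.search(r"\bdkim=pass\b", str(r), re.I) for r in results)

def user_content_links(msg):
    """Collect URLs from text parts whose exact host is user-authored."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            if (urlsplit(url).hostname or "").lower() in USER_CONTENT_HOSTS:
                hits.append(url)
    return hits

def triage(raw):
    """DKIM is reported but never clears a message; the links decide."""
    msg = email.message_from_string(raw, policy=policy.default)
    links = user_content_links(msg)
    return {"dkim_pass": dkim_passed(msg), "links": links,
            "suspicious": bool(links)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The host comparison is exact on purpose, so the real sign-in host in the same message is not flagged.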

 
