DKIM Replay Attack Using Google Sites: A Fake Subpoena Scam
2025-07-25
A friend received an email seemingly from Google, claiming a court subpoena demanding access to their Google account. While the email appeared legitimate at first glance, header inspection revealed a DKIM replay attack. The attacker used Google Sites to create a phishing site mimicking an official Google support page, forwarding the email via Namecheap's PrivateEmail service, bypassing SPF, DKIM, and DMARC verification. This case highlights the danger of leveraging trusted infrastructure (like Google Sites) for attacks, reminding us to be wary of any suspicious emails demanding urgent action or containing links to login pages.
Read more
Tech
DKIM Replay Attack