The scam begins with fake “New Voice Notification” emails that appear to come from legitimate voicemail services.
The email includes a “Listen to Voicemail” button that, when clicked, takes the victim through several intermediary websites, including a fake CAPTCHA page to create a sense of security, before redirecting to a complete replica of the Gmail login page.
Phishing emails use "new voicemail" notifications to lure users into logging in. Photo: SCS
Here, users are tricked into entering their email, password, and additional layers of security such as two-factor authentication, backup codes, and security questions. All data is immediately sent to a server controlled by the attacker.
What makes this campaign particularly dangerous is that the attackers used the Microsoft Dynamics platform (mkt.dynamics.com), a legitimate marketing service, to host the first stage.
This makes it harder for the email to be flagged as suspicious. The malware that creates the fake login page also uses AES encryption to hide it, has anti-debugging features, and redirects it through multiple servers in Russia and Pakistan to make the investigation more difficult.
Experts warn that this is a major step forward in fraud techniques, combining both sociology (creating trust with CAPTCHA, Google interface) and taking advantage of legitimate infrastructure to evade censorship.
Gmail passwords are easily stolen by phishing.
In another development, PCWorld said users of Google services, such as Gmail and Google Cloud, are facing a significant increase in phishing attempts.
A Reddit post points out that Gmail users are now being targeted by text message phishing attacks from phone numbers with the 650 area code.
Scammers claiming to be from Google contact victims to warn them about a security vulnerability affecting their accounts. In these calls, the attackers attempt to take over the victims’ Gmail accounts by asking them to reset their passwords and provide this information.
Additionally, another phishing technique known as “dangling bucket” has been reported, in which hackers test outdated login addresses to install malware on Google Cloud accounts or steal data.
With 2.5 billion Gmail and Google Cloud users, both businesses and individuals need to be vigilant against the rise of phishing attempts and online attacks.
What should users do?
- - Always be wary of strange voicemail notification emails.
- - Only log in to Gmail via Google's official website.
- - If you suspect you've entered information on a fake site, immediately change your password, check recent login activity, and re-enable security layers.
- - Organizations should implement advanced email filtering solutions and train employees on new forms of phishing.
Security teams are also advised to block domains associated with this campaign, particularly horkyrown[.]com, which has been identified as part of the attack infrastructure.
Source: https://khoahocdoisong.vn/nguoi-dung-gmail-doi-mat-chien-dich-lua-dao-chua-tung-co-post2149046980.html
![[Photo] President Luong Cuong receives delegation of the Youth Committee of the Liberal Democratic Party of Japan](https://vstatic.vietnam.vn/vietnam/resource/IMAGE/2025/8/22/2632d7f5cf4f4a8e90ce5f5e1989194a)
Comment (0)