A new phishing campaign targeting users of exchanges and DeFi platforms uses Google’s infrastructure to distribute malicious emails with an official appearance.
Rather than spoofing senders, attackers exploit Google’s recovery contact request system to send emails that are technically authentic, with fraudulent links inserted in the body of the message. Since the sender corresponds to real Google domains, conventional security filters do not detect the phishing attempt and recipients tend to trust the content.
It seems like the offending site was taken down pic.twitter.com/9tCLk8RMhm
— Fernando Cassia 💚🧡🇦🇷🇮🇹🇪🇺🇺🇦🌐 (@fcassia) May 18, 2026
This methodology incorporates an additional layer of deception: attackers insert large blank spaces within the email to conceal the malicious link below the initially visible area. The upper portion of the message precisely mimics a standard Google security notification, which reduces the likelihood that the user will grow suspicious before scrolling down to the hidden content.
Cryptocurrency users are frequent targets of this type of phishing attack because blockchain transactions are irreversible. Once attackers gain access to credentials, seed phrases or active sessions, the stolen funds are practically unrecoverable.
Source: https://x.com/fcassia/status/2056261257494192414
Disclaimer: Crypto Economy Flash News are based on verified public and official sources. Their purpose is to provide fast, factual updates about relevant events in the crypto and blockchain ecosystem.
This information does not constitute financial advice or investment recommendation. Readers are encouraged to verify all details through official project channels before making any related decisions.
