Warning: Do not trust *.g.co urls! #GoogleWorkspace domain verification seems to be quite lax and allow arbitrary .g.co to be created. This allows for extremely convincing #phishing to be performed

Harry Sintonen@infosec.exchange to Cybersecurity@fedia.io · 11 days ago

Warning: Do not trust *.g.co urls! #GoogleWorkspace domain verification seems to be quite lax and allow arbitrary .g.co to be created. This allows for extremely convincing #phishing to be performed where all communication appears to be coming from “google”.

ref. https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4

#infosec #cybersecurity

You must log in or register to comment.

Chat