Google is suing over 25 individuals linked to Lighthouse, a phishing service that enables scammers to impersonate trusted brands and steal payment card data via text messages. The suit aims to disrupt a network known for targeting over a million victims worldwide, using sophisticated tactics to enroll stolen card information into mobile wallets.

A phishing campaign is impersonating well-known brands like Disney and Mastercard to steal Google Workspace and Facebook business account credentials. The attackers use fake Calendly invitations to lure victims, leading them to phishing pages designed to capture sensitive login information. The campaign employs advanced techniques to bypass security measures, making it a significant threat.

This article examines how Device Code Phishing exploits the OAuth 2.0 authentication process used by Microsoft and Google. It details the mechanics of the attack, illustrating how attackers can trick users into providing access tokens through a seemingly legitimate flow. The comparison highlights the different security postures of the two identity providers.

Google has introduced new AI tools designed to enhance security for Chrome users, specifically targeting phishing and scam threats. These tools aim to proactively identify and block malicious sites, thereby improving the overall safety of browsing experiences for users worldwide.

A sophisticated phishing campaign is leveraging weaknesses in Google Sites to spoof Google no-reply email addresses, allowing attackers to bypass email authentication checks. By redirecting users to deceptive Google Sites pages, the campaign exploits the platform's trusted domain and SSL certificates to appear legitimate.

A recent phishing scam has been exploiting Google's email system by using "no-reply" addresses to trick users into revealing sensitive information. The scam takes advantage of legitimate-looking emails to bypass security measures, highlighting the need for better user awareness and email authentication practices. Google has taken steps to improve its security protocols to combat such fraudulent activities.

Google is leveraging advancements in AI to combat online scams across its platforms, including Search, Chrome, and Android. By enhancing their detection systems and implementing on-device models like Gemini Nano, they aim to significantly reduce scams such as phishing, tech support fraud, and deceptive notifications while adapting to new threats in real-time.

Google Gemini for Workspace can be exploited through prompt-injection attacks that generate misleading email summaries, potentially leading users to phishing sites without attachments or direct links. Researcher Marco Figueroa revealed this vulnerability, highlighting how hidden instructions in emails can manipulate Gemini's output, prompting users to trust false security alerts. Google is aware of the issue and is implementing defenses against such attacks.