Threat actors have conducted a highly sophisticated phishing attack by sending fake emails through Google’s infrastructure to redirect recipients to fraudulent websites for credential harvesting. The emails appeared to be valid and signed, giving the impression that they were sent from a legitimate Google address such as [email protected]. This uncommon technique has raised concerns about the vulnerability of email systems to such attacks and underscores the need for improved security measures to combat phishing threats.