Phishers abuse Google OAuth to spoof Google in DKIM replay attack

CRANK

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins.