Cybercriminals are abusing Google Sites for phishing attacks

Written by:
Leo Hoogma, 12 May 2025



As specialists in web hosting, websites and email security, we at Hoogma Webdesign regularly blog about the clever tricks of cybercriminals that we see passing by. This time we warn about a very sophisticated attack: cybercriminals who abuse Google Sites. Google Sites is a free and trusted Google platform, and scammers are using it to host phishing pages that are almost indistinguishable from the real thing.
What's going on?
A recent attack came to light when developer Nick Johnson received an email purporting to be from Google. The email stated that he was the subject of official legal proceedings and that he should review and provide documents via a link to a page on sites.google.com.
That page was a near-perfect copy of the official Google support portal. Here is the clever part: Google Sites is a free service that lets anyone with a Google account build a website, and every page built with it is served from sites.google.com. So the criminals had built a convincing fake Google page hosted on a domain that really belongs to Google.
Why does this work so well?
The emails pass Google's own authentication checks. The message is not spoofed: it really was generated and DKIM-signed by Google. The criminals register an OAuth application with Google and put the phishing text in the application's name; when that application is granted access to a Google account they control, Google sends its standard security alert email, which now carries the attacker's text, from no-reply@accounts.google.com. A DKIM signature covers the signed headers and the body, but not who delivered the message or to whom, so the attackers can forward (replay) that signed alert to their victims and it still passes DKIM. The domain name also looks right: sites.google.com sounds safe, after all, it is owned by Google.
The Google Sites page then sends users on to a fake Google login page. As soon as you enter your details there, you hand over everything: your Gmail, Google Drive, Photos, YouTube and more.
What should you look out for?
- Check the domain. A genuine Google login page is served from exactly accounts.google.com: look at the host part of the URL, not just at whether "google.com" appears somewhere in it. A login form on sites.google.com is a page somebody built with Google Sites, never Google's own sign-in.
- Beware of links in emails. Never click on links in unexpected or suspicious emails, even if they appear to come from Google; type the address yourself or use a bookmark instead.
- Scrutinize the email headers. A valid DKIM signature only proves that Google signed the message at some point, not that Google sent it to you. Look at the Received headers (the relay path, shown as "mailed by" in some clients) for a third-party mail server between Google and your mailbox, and check whether the To: address is actually yours; in a replayed alert it names the attacker's mailbox.
- Use separate login credentials. Avoid logging into other websites with your Google or Facebook account; create separate accounts where possible, so one stolen password does not open everything.
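The two technical checks above (the exact login host and the header trail of a replayed DKIM-signed alert) can be automated. The script below is an added example written for this post, not code from the original article or from Google; the two email messages in it are constructed for illustration, the relay and mailbox names are placeholders, and the "registrable domain" helper is a deliberate simplification (last two labels, so it ignores suffixes such as co.uk).

```python
"""Header and link checks for a replayed (forwarded) DKIM-signed alert.

Added example for this post; the sample messages are constructed and the relay,
mailbox and page names in them are placeholders, not real infrastructure.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s<>"']+""")

# Constructed sample: a Google-signed alert forwarded to the victim through a
# third-party relay. The signed To: header still names the attacker's mailbox.
REPLAYED_RAW = """\
Delivered-To: victim@victim.example
Received: from mail.relay.example (mail.relay.example [192.0.2.10])
        by mx.victim.example with ESMTPS; Mon, 12 May 2025 10:00:00 +0000
Received: from mail-sor.google.com (mail-sor.google.com [203.0.113.5])
        by mail.relay.example with ESMTPS; Mon, 12 May 2025 09:55:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
        s=20230601; h=to:from:subject; bh=AAAA; b=BBBB
From: Google <no-reply@accounts.google.com>
To: me@attacker-mailbox.example
Subject: Security alert
Content-Type: text/plain; charset=utf-8

Google was served with a subpoena. Review the case materials at
https://sites.google.com/view/example-page
"""

# Constructed control: the same kind of alert delivered directly to its addressee.
GENUINE_RAW = """\
Delivered-To: victim@victim.example
Received: from mail-sor.google.com (mail-sor.google.com [203.0.113.5])
        by mx.victim.example with ESMTPS; Mon, 12 May 2025 10:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
        s=20230601; h=to:from:subject; bh=AAAA; b=BBBB
From: Google <no-reply@accounts.google.com>
To: victim@victim.example
Subject: Security alert
Content-Type: text/plain; charset=utf-8

New sign-in on Linux. Check activity at https://accounts.google.com/signin
"""


def org_domain(host):
    """Crude registrable domain: the last two labels (ignores co.uk and the like)."""
    return ".".join(host.lower().split(".")[-2:])


def dkim_signing_domain(msg):
    """Return the d= tag of the DKIM-Signature header, or None if unsigned."""
    sig = msg.get("DKIM-Signature")
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", sig) if sig else None
    return m.group(1).lower() if m else None


def received_hops(msg):
    """Sending hosts named in the Received headers, most recent hop first."""
    hops = []
    for hdr in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+([^\s(;]+)", hdr)
        if m:
            hops.append(m.group(1).lower())
    return hops


def replay_indicators(raw):
    """Return the replay indicators found: 'third-party-relay', 'recipient-mismatch'."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    delivered = (msg.get("Delivered-To") or "").strip().lower()
    rcpt_org = org_domain(delivered.split("@")[-1]) if "@" in delivered else None

    signer = dkim_signing_domain(msg)
    if signer:
        hops = received_hops(msg)
        # Hops listed above the signer's own server happened after signing.
        after = next((hops[:i] for i, h in enumerate(hops)
                      if org_domain(h) == org_domain(signer)), hops)
        if any(org_domain(h) not in (org_domain(signer), rcpt_org) for h in after):
            findings.append("third-party-relay")

    # To:/Cc: are covered by the signature, so a replay cannot rewrite them to you.
    addressed = set()
    for name in ("To", "Cc"):
        h = msg.get(name)
        if h is not None:
            addressed.update(a.addr_spec.lower() for a in h.addresses)
    if delivered and delivered not in addressed:
        findings.append("recipient-mismatch")
    return findings


def body_links(raw):
    """All http(s) URLs in the text body of the message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    return URL_RE.findall(body.get_content()) if body else []


def check_login_url(url):
    """Classify a link that claims to be a Google sign-in page by its exact host."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if p.scheme != "https":
        return "not-https"
    if host == "accounts.google.com":
        return "ok"
    if host == "sites.google.com":
        return "google-sites"   # a user-built page, never Google's own sign-in
    if "google" in host:
        return "lookalike"      # e.g. accounts.google.com.attacker.example
    return "other-host"


if __name__ == "__main__":
    for label, raw in (("replayed", REPLAYED_RAW), ("genuine", GENUINE_RAW)):
        print(label, replay_indicators(raw),
              [(u, check_login_url(u)) for u in body_links(raw)])
```

Running it prints the two replay indicators and the sites.google.com link classification for the constructed replayed message, and nothing suspicious for the control. The relay check is an indicator, not proof: a mailbox that legitimately forwards to another account will also show a hop after Google's servers, which is why the recipient mismatch on the signed To: header is the stronger signal.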
What can you do if you receive a suspicious email?
Never click on links in emails you do not trust. Use two-step verification (2FA) wherever possible, and use a password manager: it only fills in your Google password on accounts.google.com, so a login form that stays empty on another domain is a clear warning sign.
This attack shows once again how creative and persistent cybercriminals are. Even reliable platforms such as Google can be abused. Stay critical, stay vigilant and take your digital security seriously. We are happy to help: if you receive something by email, post or telephone that you do not trust, call, email or WhatsApp Hoogma Webdesign in Beerta and our support team will gladly help you.