Is an email from Google, verified and sitting in your main inbox, always safe? Recent events demand caution. A remarkably sophisticated phishing operation, named “Rockfoils” by Google, exposed how attackers can manipulate trusted digital platforms. This campaign, first brought to widespread public attention in April 2025 through a detailed account by software developer Nick Johnson (@nicksdjohnson on X/Twitter), put potentially billions of Gmail accounts worldwide at risk. It marked a worrying step up from typical phishing methods. The attackers exploited Google’s own infrastructure, achieving a convincing facade of authenticity. This analysis by best IT support in Brisbane examines the campaign’s mechanics, drawing on Johnson’s initial reports and subsequent findings, and outlines essential user protection strategies.