In an unprecedented partnership they never signed up for, Google and cybercriminals are now working hand-in-hand to ensure your credentials take a permanent vacation. Armed with the power of Google’s infrastructure and a sprinkle of dark magic, phishers sent out impeccably signed emails, officially endorsed by no-reply@google.com—or at least that’s what it says on the label.

Dubbed as an ‘extremely sophisticated phishing attack,’ which is hacker lingo for ‘why isn’t this on LinkedIn yet,’ this phishing fiesta expertly guided users to online traps constructed with all the charm and hospitality of a pop-up ad. Once there, unsuspecting visitors were cordially invited to surrender their credentials in exchange for a chance at eternal digital bliss—or maybe just identity theft.

Meanwhile, tech enthusiasts everywhere are fascinated by this rare alignment of cyberstars. As Nick Johnson pointed out, the email was indeed a ‘valid, signed email,’ marking a new day in the vibrant art of digital deception. Who knew you could get an autograph from Google itself while simultaneously losing access to your bank account?