Sorry if this is not a direct Linux question but I only use Linux. I am not sure if that matters in this case.
I have been occasionally getting phishing emails claiming to be from CVS and promising some wonderful gifts if I take a short survey. I know it is a scam, of course, and so I have examined the email source data. It always has the same Google address, specifically for Mountainview CA. It passes all tests for DKIM, SPF and DMARC. The language is often grammatically screwed up. and there is usually a very long base64 encryption which seems to be necessary for this scheme. When translated I usually find scattered pieces from LA Times and material from, what appears to be random web pages. They can be from Brazil, Australia or some other advertising from companies in the USA.
I am curious if Google knows their IP address is being used this way. I wonder also, how do they do this? I also wonder if the companies whose web pages have been evidently hacked this way have any reason to be concerned.
I have reported it to Google and even the District Attorney. There has been no interest in it. I did report it to a computer society in Australia and they thanked me but that is all I have heard.
Randall Detra