Attackers exploit Google's Application Integration service to send phishing from authentic @google.com addresses, bypassing SPF, DKIM, and DMARC.