Users of Gmail, take note: This Google email is fraudulent


A new phishing scam targeting Gmail users has recently been making the rounds, and it is alarmingly sophisticated. The scam is delivered through emails that appear to be from Google, using the official branding, logo, and even a genuine Google sender address ([email protected]). At first glance this makes the email look legitimate, but it is a scam designed to capture your Google login credentials.

The email typically warns users that their Gmail account is being reviewed due to unusual activity. It urges recipients to “verify your account activity” by clicking on a “Review Activity” button, claiming that failure to do so will result in account suspension within 24 hours. This sense of urgency is a common tactic used in phishing attacks to pressure users into acting quickly without thinking.

One key feature of this phishing scam is that the email passes DKIM signature checks and comes from a valid Google address. DKIM only proves that the message was signed by Google's servers at some point; it says nothing about who later delivered it or where its links lead. According to Nick Johnson, who was one of the first to report the scam, the attackers abused a weakness in Google's own infrastructure: they registered a Google OAuth application whose name carried the phishing text, let Google generate and sign a genuine security alert about it, and then forwarded that signed message unchanged to victims, so it sails past Gmail's usual warning mechanisms. The scam email can even land in the same conversation thread as legitimate Google security alerts, making it harder for users to distinguish between real and fake communications.

However, despite the email's authenticity at first glance, there are clear signs that should raise suspicion:

  • The sender address is genuinely Google's, because the message really was signed by Google, so checking the From line alone will not expose this scam. What gives it away is the destination of the "Review Activity" link: hover over it (or long-press on mobile) and compare the actual URL with the page you would reach by opening Gmail directly before clicking anything.

  • Clicking the links in the email leads to a fake website that mimics Google's sign-in page. Once users enter their Gmail login credentials, the scammers have them and can sign in as the victim.
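As an added example (not from the article or from Johnson's report), the following Python script shows why a DKIM pass is not a safety signal on its own: it reads a message, extracts the DKIM signing domain (the d= tag) and the From domain, and lists where the body's links actually point. Both messages are constructed samples; the signature fields and the phishing host are placeholders, and the script trusts the receiving server's Authentication-Results header rather than re-verifying the signature itself.

```python
"""Added triage helper: 'dkim=pass' says Google signed the bytes, not that the links are Google's."""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Constructed sample messages, not the real scam mail. The signature fields (s=, bh=, b=)
# and the phishing host are placeholders; what matters is the header/link relationship.
PHISH_EML = b"""\
Authentication-Results: mx.example.net; dkim=pass header.d=accounts.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
 s=placeholder; h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER=
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert: review your account activity
Content-Type: text/html; charset="utf-8"

<html><body><p>Unusual activity was detected. Please
<a href="https://review-activity.example/signin">Review Activity</a>
within 24 hours or your account will be suspended.</p></body></html>
"""

LEGIT_EML = b"""\
Authentication-Results: mx.example.net; dkim=pass header.d=accounts.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
 s=placeholder; h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER=
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert
Content-Type: text/html; charset="utf-8"

<html><body><p>A new sign-in was detected.
<a href="https://myaccount.google.com/notifications">Check activity</a></p></body></html>
"""


def parse_message(raw: bytes):
    return BytesParser(policy=policy.default).parsebytes(raw)


def dkim_result(msg):
    """DKIM verdict recorded by the receiving MTA. Assumed trustworthy here; this script
    does not re-verify the signature itself (a real tool would, e.g. with dkimpy)."""
    m = re.search(r"dkim=(\w+)", str(msg.get("Authentication-Results", "")))
    return m.group(1).lower() if m else None


def signing_domain(msg):
    """The d= tag of the DKIM-Signature: who actually signed the message."""
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", str(msg.get("DKIM-Signature", "")))
    return m.group(1).lower() if m else None


def from_domain(msg):
    hdr = msg["From"]
    if hdr is None or not hdr.addresses:
        return None
    return hdr.addresses[0].domain.lower()


def link_hosts(msg):
    """Hosts of every href in the body, which a DKIM pass says nothing about."""
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is None:
        return []
    hosts = set()
    for url in re.findall(r"""href\s*=\s*["']?([^"'\s>]+)""", body.get_content(), re.I):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return sorted(hosts)


def registrable(host):
    # Last two labels is enough for google.com; a production tool should use the
    # Public Suffix List so that names under co.uk and similar are handled.
    return ".".join(host.split(".")[-2:])


def same_org(host, org):
    return host == org or host.endswith("." + org)


def assess(raw: bytes):
    msg = parse_message(raw)
    sig = signing_domain(msg)
    frm = from_domain(msg)
    hosts = link_hosts(msg)
    org = registrable(sig) if sig else None
    aligned = bool(sig and frm and same_org(frm, org))
    foreign = [h for h in hosts if org is None or not same_org(h, org)]
    if dkim_result(msg) != "pass" or not aligned:
        verdict = "not-authenticated"
    elif foreign:
        # The replay case: a real Google signature wrapped around the attacker's link.
        verdict = "authenticated-but-links-leave-signing-domain"
    else:
        verdict = "authenticated-and-consistent"
    return {"dkim_result": dkim_result(msg), "signing_domain": sig, "from_domain": frm,
            "link_hosts": hosts, "foreign_links": foreign, "verdict": verdict}


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_EML), ("legit", LEGIT_EML)):
        print(name, assess(raw))
```

The phishing sample authenticates cleanly yet its only link leaves the signing organisation, which is the pattern to alert on. The reverse is not a clean bill of health: attacker-controlled content can be hosted on a legitimate provider's own user-content domains, so a link under google.com narrows suspicion rather than clearing the message, and the script treats the Authentication-Results header as trustworthy only because it assumes you are running it on mail your own server received.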

The potential risks are significant. Beyond the password itself, a phishing page of this kind can also prompt for recovery details such as phone numbers and two-factor authentication codes, which lets the attacker complete the login, read sensitive data, change the recovery settings, and send further phishing emails to your contacts, giving them complete control over your account.

What to do if you receive such an email:

  1. Do not click on any links in the email. Instead, open Gmail in a new tab and navigate directly to your account settings to review your activity and security settings.

  2. Report the email as phishing to help Google identify and block similar scams. You can do this by clicking the three-dot menu at the top right corner of the email and selecting "Report phishing."

  3. Enable two-factor authentication (2FA) on your Gmail account. A stolen password alone is then not enough to sign in; note, however, that a phishing page can also ask for a one-time code and relay it, so a phishing-resistant method such as a passkey or a hardware security key gives considerably more protection than SMS or app-generated codes.

How to spot phishing attempts:

  • Always double-check the sender's email address and, in Gmail, the "mailed-by" and "signed-by" details shown when you expand the sender; a message signed by google.com but mailed by an unrelated server is a warning sign.

  • Look out for any urgent threats or grammar errors in the email.

  • Never enter your password or other sensitive information on unfamiliar websites.

Google has acknowledged the issue and is working to fix the underlying weakness in its infrastructure; the company has confirmed that it will address the OAuth bug that made this scam possible.

This phishing attack highlights the ongoing dangers of online scams and the sophistication of modern cyber threats. It’s essential to remain cautious and vigilant, especially when dealing with emails that seem to come from trusted sources like Google.
