Hackers are turning your inbox into a risky zone.
Google issued an urgent warning to 3 billion Gmail users after confirming a “slick” phishing scam targeting unsuspecting email users. The cyber con artists are so cunning that even veteran technicians are falling for it.
Developer Nick Johnson sounded the alarm on social media after almost being fooled by a scammer who used Google’s own infrastructure to make the message look legitimate.
“I have been targeted by a very sophisticated phishing attack recently,” Johnson posted on April 16th.
“We are going to see more of it, considering it took advantage of a vulnerability in Google’s infrastructure and they refused to fix it.”
The trap was disguised as an official-looking email claiming he was hit with a subpoena tied to his Google account.
It also came from what appeared to be a real Google address.
“The only hint that it’s a phish is that it’s hosted on sites.google.com instead of an account,” Johnson said in the X thread.
Clicking the link led to a fake “support portal” that was a dead-on duplicate of the actual Google login page.
“From there, perhaps, they will harvest your login credentials and use them to compromise your account,” warned Johnson.
“It even puts it in the same conversation as other legitimate security alerts.”
Worse, the shady email passed Google’s DKIM (DomainKeys Identified Mail) check. In other words, Gmail treated it like any other ho-hum message.
In a recent statement, a Google spokesperson told the Daily Mail: “We are aware of this class of targeted attacks from this threat actor and have deployed protections to close this path for abuse. Meanwhile, we encourage users to adopt two-factor authentication and passkeys.”
Google says it is already blocking the loopholes that allowed the scam and has issued fresh advice to help users dodge similar email traps.
“Google does not ask for account credentials including passwords, one-time passwords, push notifications, etc. Google will not call you,” the spokesman emphasized.
The cybercreeps behind the scam used Google Sites to lend the ruse credibility, banking on the fact that most people don’t second-guess URLs they’re familiar with.
“These scams are designed to look as realistic as possible,” Johnson warned, noting that many users don’t notice slight tweaks in domain names.
Gmail users who rely solely on passwords are particularly vulnerable.
If a hacker gets your login information and you do not use two-factor authentication (2FA) or a passkey, they can quickly waltz into your account.
A passkey, on the other hand, is a hardware-tied login method that hackers cannot simply swipe, making it a much safer bet.
Meanwhile, phishing attempts are becoming more difficult to spot. Red flags include vague greetings, urgent tones and, in particular, clickable links that demand immediate action regarding personal data and account access.
Google does send emails about account issues, but the tech titan says you should always think twice before clicking.
According to Google’s Privacy and Terms page, “When we receive a request from a government agency, we will send an email to the user account before we disclose any information. If your account is managed by your organization, we will notify your account administrator.”
Google adds: “If notice is legally prohibited, we will provide you with a notice after the legal prohibition has been lifted.”
Conclusion: If you receive a sketchy email asking for personal information, don’t click.
Instead, open the site in a different browser window and double-check the source.
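For mail administrators, the two details above (the message passed DKIM, and the only tell was a link hosted on sites.google.com) translate into a simple triage rule. The sketch below is an added example, not code from Google or from Johnson's thread; the sample message, its addresses and link path, and the `USER_CONTENT_HOSTS` list are constructed assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Assumption: Google-owned hosts where anyone can publish their own pages.
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed sample message (not the real lure); addresses and path are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=google.com
From: Google <no-reply@google.com>
To: user@example.org
Subject: Legal notice regarding your account
Content-Type: text/plain; charset="utf-8"

A subpoena was served on your account. Review the case materials:
https://sites.google.com/constructed-placeholder/support
"""

def dkim_passed(msg):
    """True if the receiving server recorded dkim=pass for this message."""
    results = msg.get_all("Authentication-Results", [])
    return any(re.search(r"\bdkim=pass\b", str(h), re.IGNORECASE) for h in results)

def link_hosts(msg):
    """Collect the hostnames of every http(s) link in the text parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            host = urlsplit(url).hostname
            if host:
                hosts.add(host.rstrip("."))
    return hosts

def triage(raw):
    """A DKIM pass does not clear a message whose links land on user-built pages."""
    msg = email.message_from_string(raw, policy=policy.default)
    flagged = sorted(link_hosts(msg) & USER_CONTENT_HOSTS)
    return {"dkim_pass": dkim_passed(msg),
            "user_content_links": flagged,
            "suspicious": bool(flagged)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The host match is exact on purpose, so a lookalike domain that merely contains the string `sites.google.com` is not mistaken for the real host; catching lookalikes needs a separate check.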
