New Phishing Scam Targets Gmail Users with Fake Google Emails, Exposes Vulnerabilities

Rozana Spokesman


This kind of email warns that your Gmail account is being reviewed due to some recent activity and asks you to verify your account.


A new and alarming phishing scam is making the rounds, targeting Gmail users through emails that appear to come from a legitimate Google address.
According to a report by India Today, the fraudulent emails are sent from the seemingly trustworthy no-reply@google.com, urging users to “verify your account activity to prevent your Gmail from being deactivated.”

The first known case of this sophisticated scam was reported by an X user, Nick Johnson. In his post, Johnson wrote: “Recently, I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits vulnerabilities in Google's infrastructure.”
The fraudulent email mimics Google's branding, with the correct logo and official-sounding language, and is designed to steal the recipient's data, the report said.
“The first thing to note is that this is a valid, signed email - it really was sent from no-reply@google.com. It passes the DKIM signature check, and Gmail displays it without any warnings - it even puts it in the same conversation as other legitimate security alerts,” Johnson wrote in his post.

This kind of email warns that your Gmail account is being reviewed due to some recent activity and asks you to verify your account by clicking on a "review activity" button. Clicking on it prompts an urgent message saying, “Failure to act will result in account suspension within 24 hours.”
According to the report, Johnson confirmed to India Today that Google has acknowledged the issue and plans to fix the bug. He stated, “Google has reconsidered and will be fixing the OAuth bug.”
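The two observations above, that the message passed DKIM and still carried a coercive "review activity" call to action, are exactly the signals a mail-filtering rule should combine. The following Python script is an added illustration (it is not code from the article, India Today, Google, or Johnson's post): it parses a message, records the DKIM result and signing domain, and escalates only when the link in the body leaves the signing domain and the wording matches the urgency phrases quoted in this article. Both messages are constructed samples; the link host accounts-review.example is a placeholder and not the destination used in the real attack, and the selectors and signature bodies are dummies. The From/signer alignment check goes slightly beyond what the article describes and is included as a general good practice.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the scam described in the article: DKIM passes for
# google.com, the body is urgent, and the "Review activity" link leaves Google's domain.
# The link host and the header selectors/signature bodies are placeholders.
PHISH_EML = """\
From: Google <no-reply@google.com>
To: victim@example.com
Subject: Security alert: verify your account activity
Authentication-Results: mx.example.com;
 dkim=pass header.i=@google.com header.s=sel1 header.b=AAAA;
 spf=pass smtp.mailfrom=google.com;
 dmarc=pass header.from=google.com
DKIM-Signature: v=1; a=rsa-sha256; d=google.com; s=sel1; h=from:to:subject;
 bh=BBBB; b=CCCC
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your Gmail account is being reviewed due to recent activity.</p>
<p><a href="https://accounts-review.example/verify">Review activity</a></p>
<p>Failure to act will result in account suspension within 24 hours.</p>
</body></html>
"""

# Constructed benign counterpart: same authenticated sender, but the link stays under the
# signing domain and the wording is not coercive.
LEGIT_EML = """\
From: Google <no-reply@google.com>
To: victim@example.com
Subject: New sign-in to your Google Account
Authentication-Results: mx.example.com;
 dkim=pass header.i=@google.com header.s=sel1 header.b=DDDD;
 spf=pass smtp.mailfrom=google.com;
 dmarc=pass header.from=google.com
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A new sign-in was detected. If this was you, no action is needed.</p>
<p><a href="https://myaccount.google.com/notifications">Check activity</a></p>
</body></html>
"""

# Coercion phrases taken from the wording the article quotes, plus two close variants.
URGENCY_PATTERNS = [
    r"\bverify your account\b",
    r"\bfailure to act\b",
    r"\baccount suspension\b",
    r"\bwithin \d+ hours?\b",
    r"\bdeactivated\b",
]


def dkim_result(msg):
    """Return (result, signing_domain) from Authentication-Results, falling back to d= in DKIM-Signature."""
    ar = msg.get("Authentication-Results", "")
    m = re.search(r"\bdkim=(\w+)", ar)
    result = m.group(1).lower() if m else "none"
    d = re.search(r"header\.i=@([\w.-]+)", ar) or re.search(r"\bd=([\w.-]+)", msg.get("DKIM-Signature", ""))
    return result, (d.group(1).lower() if d else None)


def from_domain(msg):
    """Domain part of the visible From address, or None if there is no address."""
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def is_under(host, domain):
    """True when host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def triage(raw):
    """Classify one message: 'review' when urgency language is paired with a link that leaves the signing domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    result, signer = dkim_result(msg)
    sender = from_domain(msg)
    part = msg.get_body(preferencelist=("html", "plain"))
    html = part.get_content() if part else ""
    hosts = sorted({urlparse(u).hostname.lower() for u in re.findall(r'href="([^"]+)"', html) if urlparse(u).hostname})
    text = re.sub(r"<[^>]+>", " ", html)
    urgency = [p for p in URGENCY_PATTERNS if re.search(p, text, re.I)]
    off_domain = [h for h in hosts if not (signer and is_under(h, signer))]
    return {
        "dkim": result,
        "signer": signer,
        "from_domain": sender,
        "aligned": bool(signer and sender and (is_under(sender, signer) or is_under(signer, sender))),
        "link_hosts": hosts,
        "off_domain_links": off_domain,
        "urgency_hits": urgency,
        # A DKIM pass is recorded but never short-circuits the content checks.
        "verdict": "review" if (off_domain and urgency) else "allow",
    }


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_EML), ("legit", LEGIT_EML)):
        print(name, triage(raw))
```

Run stand-alone, the script reports the constructed phishing sample as "review" and the benign sample as "allow", even though both carry an identical DKIM pass for google.com. The design point is that authentication headers answer only "did the signing domain really send this", not "is the request in the body safe", so a filter that whitelists on DKIM alone would have waved the described message through.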

Once scammers gain access to your credentials, they can access your emails, steal personal data, and even use your account to send more fraudulent emails to your contacts, the report warned.
“From there, presumably, they harvest your login credentials and use them to compromise your account. I haven’t gone further to check. So, how did they do it - especially with the valid email? This is due to two vulnerabilities in Google's infrastructure that they have declined to fix,” Johnson explained.

These scammers can ask users to enter their recovery email, phone number, and even two-factor authentication codes, gaining full control of your account and potentially locking you out completely, the report said.
