If you’ve recently received an email that appears to be from [email protected] urging you to verify your Gmail account activity or risk deactivation, don’t panic, but also don’t click. A new phishing scam is targeting Gmail users, and it is well-crafted enough that even tech-savvy individuals might fall for it. The email mimics Google’s branding closely, making it look like a legitimate security alert.
The warning signs were first flagged by Nick Johnson, an X user who shared details of his experience. “Recently, I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google’s infrastructure,” he said in a post. His discovery has since raised alarms among cybersecurity experts and everyday users alike. https://x.com/nicksdjohnson/status/1912439023982834120
What makes this phishing email so dangerous is its apparent legitimacy. It carries the Google logo, uses professional-sounding language and, most alarming of all, it appears to be sent from [email protected], Google’s own account-notification address. The signature is not faked: “The first thing to note is that this is a valid, signed email – it really was sent from [email protected]. It passes the DKIM signature check, and GMail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts,” Johnson explained.
https://x.com/nicksdjohnson/status/1912439027224944676
The email tells recipients that their Gmail accounts are under review due to suspicious activity. It urges users to act quickly by clicking a “Review Activity” button, warning that if they don’t respond within 24 hours their accounts will be suspended. This sense of urgency is a classic phishing tactic aimed at tricking people into reacting impulsively.
Because the From: address and the DKIM signature are genuinely Google’s, the usual advice to “check the sender’s address” does not catch this one. What a closer inspection does reveal is that the rest of the message does not fit: the address the alert was sent to is not yours but a long, random-looking one, the server that delivered it to your mailbox is not a Google server (Gmail’s “Show original” exposes these headers), and the “Review Activity” link does not point at Google’s sign-in page. A valid signature proves only that Google produced the signed text at some point, not that Google addressed the message to you.
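As an added example (not part of the original article, and not Johnson's code), the following Python script performs exactly those secondary checks on a raw message: it confirms the DKIM signing domain matches the From: domain, then asks who the message was addressed to, which host handed it to your mail server, and where its links point. The two sample messages, the example.com/example.net host names and the function names are constructed for this illustration; the registrable-domain helper is a deliberate simplification that ignores the public-suffix list.

```python
"""Secondary checks for an e-mail that passes DKIM but may have been relayed.

A valid DKIM signature proves that the signing domain produced the signed
headers and body; a message relayed unchanged keeps that signature.  So in
addition to "does DKIM pass", look at To:, the last Received: hop and the
link targets.  Sample messages below are constructed, not real captures.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Constructed: genuine From:/DKIM domain, but not addressed to the victim,
# delivered by an unrelated relay, and linking to a non-sign-in host.
SUSPICIOUS_RAW = b"""Received: from mx.privatemail.example.net (mx.privatemail.example.net [198.51.100.7])
\tby mx.victim.example.org with ESMTPS; Mon, 14 Apr 2025 10:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=accounts.example.com; s=sel;
\th=from:to:subject; bh=abc=; b=def=
From: Google <no-reply@accounts.example.com>
To: me@mail-smtp-out-198-0-2-17-prod.example.net
Subject: Security alert: review your account activity
Content-Type: text/html

<html><body><p>Your account is under review.</p>
<a href="https://sites.example.com/u/0/d/abc/review">Review Activity</a>
</body></html>
"""

# Constructed: the same sender, but addressed to the victim, delivered by the
# sender's own infrastructure and linking to the expected sign-in host.
CLEAN_RAW = b"""Received: from mail.accounts.example.com (mail.accounts.example.com [203.0.113.5])
\tby mx.victim.example.org with ESMTPS; Mon, 14 Apr 2025 10:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=accounts.example.com; s=sel; h=from:to:subject; bh=abc=; b=def=
From: Google <no-reply@accounts.example.com>
To: victim@victim.example.org
Subject: Security alert
Content-Type: text/html

<html><body><a href="https://accounts.example.com/signin">Check activity</a></body></html>
"""


def _org_domain(host: str) -> str:
    """Last two labels of a host name (simplification: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def inspect_alert(raw: bytes, my_address: str, expected_link_host: str) -> dict:
    """Return the header and link facts a reader should weigh, as a dict."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)

    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    dkim = re.search(r"(?:^|[;\s])d=([^;\s]+)", str(msg["DKIM-Signature"] or ""))
    dkim_domain = dkim.group(1).lower() if dkim else ""

    recipients = {addr.lower() for _, addr in getaddresses(
        [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])])}

    # The first Received: line is the last hop, i.e. the server that handed
    # the message to your provider (Gmail's details pane calls it "mailed-by").
    received = msg.get_all("Received", [])
    hop = re.search(r"from\s+([\w.-]+)", str(received[0])) if received else None
    relay_host = hop.group(1).lower() if hop else ""

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    link_hosts = sorted({urlparse(u).hostname or "" for u in re.findall(r'href="([^"]+)"', text)})

    return {
        "from_domain": from_domain,
        "dkim_domain": dkim_domain,
        "dkim_aligned": bool(dkim_domain) and dkim_domain == from_domain,
        "addressed_to_me": my_address.lower() in recipients,
        "relay_host": relay_host,
        "relay_matches_sender": _org_domain(relay_host) == _org_domain(from_domain),
        "link_hosts": link_hosts,
        "off_domain_links": [h for h in link_hosts if h != expected_link_host.lower()],
    }


def summarize(report: dict) -> list[str]:
    """Turn the report into the warnings a reader should act on."""
    warnings = []
    if not report["addressed_to_me"]:
        warnings.append("not addressed to you: a signed message can be relayed unchanged")
    if not report["relay_matches_sender"]:
        warnings.append(f"delivered by {report['relay_host']}, not by the sender's domain")
    if report["off_domain_links"]:
        warnings.append("links lead to " + ", ".join(report["off_domain_links"]))
    return warnings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_RAW), ("clean", CLEAN_RAW)):
        rep = inspect_alert(raw, "victim@victim.example.org", "accounts.example.com")
        print(label, "DKIM aligned:", rep["dkim_aligned"], summarize(rep) or "no warnings")
```

The point of running both samples is that DKIM alignment is true for both; only the secondary checks separate them. In a real mailbox, paste the output of Gmail's “Show original” into `inspect_alert` and set `expected_link_host` to the sign-in host you actually use.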
The true objective of these emails is to lure victims into entering their login details on a fake site that mirrors Google’s sign-in page. Once attackers gain access, they can comb through your inbox, steal personal data and use your account to target your contacts. “From there, presumably, they harvest your login credentials and use them to compromise your account; I haven’t gone further to check. So how did they do it – especially the valid email? This is due to two vulnerabilities in Google’s infra that they have declined to fix,” Johnson added.
In more advanced scenarios, the phishing site may even ask for your recovery email, phone number and 2FA codes; a one-time code typed into the fake page can be relayed to the real site within its validity window, allowing scammers to take over your account completely. Once locked out, recovering access can be incredibly difficult.
The good news? Google is taking action. Johnson later confirmed, “Google has reconsidered and will be fixing the oAuth bug!” But until then, users must stay vigilant.
https://x.com/nicksdjohnson/status/1912575027632873565
What to Do If You Receive This Email:
- Don’t click any links. If unsure about the email’s legitimacy, open Gmail in a new tab and navigate directly to your account settings. From there, review your security alerts and recent activity.
- Report the email. Use Gmail’s built-in feature to report phishing. Just click the three-dot menu in the top-right corner of the message and select “Report phishing.” This helps Google block similar scams in the future.
- Enable Two-Factor Authentication (2FA). If you haven’t already, turn on 2FA to add an extra layer of security to your account. Even if someone has your password, they won’t be able to log in without the second verification step. Prefer a passkey or hardware security key over SMS or app codes: a code can be phished and relayed, while a key only works on the genuine site.
Google also advises users to scrutinise every email: check the sender’s actual address, be wary of grammar mistakes or urgent warnings, and never enter passwords on unfamiliar websites. In this case the address and the signature are genuine, so weigh the other signals as well: who the message is addressed to, which server delivered it, and where its button actually leads. Awareness is your best defence: stay alert and always think twice before clicking.