Four urgent email rules everyone using Gmail should know as scams rise
A new email scam is targeting Gmail users - and it's incredibly sophisticated
An urgent alert has been issued to all Gmail users to be aware of a new and sophisticated scam that could compromise their personal data. Last month, an alarming rise in attacks aimed at stealing sensitive information was recorded as hackers target users.
Security experts from Malwarebytes have now stepped in with their warning about this menacing online threat from cybercriminals who are exploiting Google's infrastructure, crafting emails that convincingly seem to be sent directly from the tech firm.
The aim of these online crooks is to trick people into divulging their Google account credentials, reports the Express.
This new form of deception was originally identified by developer Nick Johnson, who received an email that looked incredibly urgent and seemingly originated from Google, with the sender's address checking out as authentic.

Recently victimised by the elaborate phishing scam, Johnson emphasized its severity, saying: "The first thing to note is that this is a valid, signed email - it really was sent from no-reply@google.com. It passes the DKIM signature check, and Gmail displays it without any warnings."
The message Johnson received claimed that a legal subpoena had been issued requiring access to his account.
The email was only revealed to be a fake when he noticed that the page was hosted on sites.google.com, whereas the official site should have been hosted on accounts.google.com.
Anyone with a Google account can create a website on sites.google.com. And that is exactly what the cybercriminals did. Google says it is now addressing the worrying issue with an update that should stop similar attacks happening in future.
A Google spokesperson told Newsweek: "We're aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week."
Despite this, users are advised to remain vigilant and take precautions to avoid falling victim to the scam.
Four Gmail tips to avoid being scammed
Malwarebytes has issued guidance on how to stay safe, including:
- Avoid links in unsolicited emails or on unfamiliar websites.
- Carefully check email headers for suspicious activity.
- Verify the authenticity of unexpected emails through independent means.
- Do not use Google or Facebook accounts to log in to other services; create a separate account instead.
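The header and link checks above can be sketched in a few lines of Python. This is an added example, not code from Malwarebytes or Google: it reads the DKIM result from a constructed sample message and classifies each link by host, showing that a passing signature says nothing about where a link leads. The sample message, the helper names and the rule that any link off accounts.google.com is suspicious are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

EXPECTED_HOST = "accounts.google.com"      # official sign-in host named in the article
USER_CONTENT_HOSTS = {"sites.google.com"}  # anyone with a Google account can publish here

# Constructed sample message, not the real phishing email.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=google.com
From: no-reply@google.com
To: user@example.com
Subject: Security alert
Content-Type: text/plain

A subpoena was served for your account. Review the case:
https://sites.google.com/view/constructed-example/case
Account settings: https://accounts.google.com/
"""

def classify_host(host):
    if host == EXPECTED_HOST:
        return "expected sign-in host"
    if host in USER_CONTENT_HOSTS:
        return "user-created page"
    return "unrecognised host"

def triage(raw):
    """Report the DKIM result and classify every link host in the body."""
    msg = message_from_string(raw)
    auth = msg.get_all("Authentication-Results", [])
    dkim_pass = any(re.search(r"\bdkim=pass\b", a, re.I) for a in auth)
    links = []
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = (urlsplit(url).hostname or "").lower()
        links.append((host, classify_host(host)))
    # Assumption: in a message claiming to be a Google account alert, any
    # link off the expected host is suspicious, even when DKIM passes.
    suspicious = any(verdict != "expected sign-in host" for _, verdict in links)
    return {"dkim_pass": dkim_pass, "links": links, "suspicious": suspicious}

if __name__ == "__main__":
    print(triage(SAMPLE))
```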
Users are urged to exercise caution when checking their email accounts to avoid being deceived.
In 2024, Action Fraud revealed that a total of 35,434 reports were made to its online service, a significant increase from the 22,530 reports in the previous year.
To prevent falling prey to such attacks, users should also activate 2-step verification, ensuring an extra layer of security where a code is sent to another device before access is granted.
It's also critical to use a unique password for each email account, one that is distinctive and more challenging to decipher.