Gmail users warned after convincing Google phishing scam

Gmail users are being urged to stay alert after consumer group Which? revealed details of a sophisticated new phishing scam that impersonates Google.
The scam, first highlighted by developer Nick Johnson, involves a fake email appearing to come from [email protected] with the subject line ‘Security alert’.
The email claims the user has been issued with a ‘subpoena’ — a formal court order — instructing Google to produce copies of their account content.
Recipients are encouraged to follow a link to view their ‘support case’, which leads to a website built using Google Sites.
The fraudulent site closely mimics the appearance of a genuine Google support page, asking users to log in and view their ‘case materials’.
While the next stage of the scam is unclear, Which? warns that it likely results in malware installation or an attempt to steal personal and financial information.
According to Which?, the attackers were able to make the email look convincing by spoofing the ‘from’ address and copying content from a legitimate Google email.
This tactic allowed the email to retain a valid DKIM signature, the cryptographic signature receiving mail servers use to verify which domain signed a message and that it was not altered in transit, so it passed Gmail's security filters.
Which? contacted Google about the scam. A Google spokesperson said, “We’re aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”
Google stressed that it will never ask users for account credentials, passwords, one-time passcodes, or to confirm push notifications or calls.
How to spot phishing scams
Experts recommend the following steps to help detect scam emails:
- Inspect email headers carefully by clicking the arrow next to the sender’s name to reveal the full address.
- Hover over links without clicking to check if they lead to suspicious web addresses.
- Be cautious of emails that create a sense of urgency or pressure to act quickly.
- Use domain checking services like Who.is to see when a website was registered, with recent creation dates often indicating scams.
- Avoid clicking on suspicious links and report scam emails by forwarding them to [email protected].
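As an added example (not from the Which? report, Google or Nick Johnson), the following Python triage script applies the checks above to a constructed sample message: it reads the DKIM signer and From domains, records that a valid signature only attests the signer and message integrity, and flags links to Google Sites-hosted pages and urgency wording. The addresses, signature tags and message text are constructed placeholders, not values from the real campaign.

```python
import re
from email import message_from_string, policy

# Constructed sample message (not the real phishing email); signature values are dummies.
SAMPLE = """\
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert
DKIM-Signature: v=1; a=rsa-sha256; d=google.com; s=sel; h=from:to:subject; bh=AAA; b=BBB
Authentication-Results: mx.example.com; dkim=pass header.d=google.com
Content-Type: text/plain; charset="utf-8"

A subpoena was served on Google LLC requiring production of your account content.
Review your support case: https://sites.google.com/u/0/d/example-case/p/home
"""

URGENCY_TERMS = ("subpoena", "court order", "security alert", "immediately")
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)[^\s\"'<>]*")  # group 1 = host

def dkim_domain(msg):
    """Signer domain (d= tag) of the first DKIM-Signature header, or None."""
    m = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return m.group(1).lower() if m else None

def from_domain(msg):
    return msg["From"].addresses[0].addr_spec.rsplit("@", 1)[-1].lower()

def triage(raw: str) -> list[str]:
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    signer, sender = dkim_domain(msg), from_domain(msg)
    # A DKIM pass proves only that `signer` signed the covered headers/body and
    # they were not altered; a replayed genuine mail passes, so check alignment
    # and then keep looking at the content rather than trusting the pass.
    if signer is None:
        findings.append("no DKIM signature")
    elif not (sender == signer or sender.endswith("." + signer)):
        findings.append(f"DKIM signer {signer} does not align with From domain {sender}")
    body = msg.get_body(preferencelist=("plain",)).get_content()
    for host in URL_RE.findall(body):
        # Google Sites serves user-authored pages under a trusted Google domain.
        if host.lower() == "sites.google.com":
            findings.append(f"link to user-hosted content: {host}")
    text = (msg["Subject"] + " " + body).lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

On the sample the signer and From domains align, so the DKIM check alone raises nothing; the Google Sites link and the urgency wording are what surface the message for review.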
If someone believes they have fallen victim to a phishing scam, they should contact their bank immediately using the number on the back of their card, and report the incident to Action Fraud or by calling 101.