A new Gmail phishing scam is making waves, catching users off guard with its highly convincing appearance.
The fraudulent email, seemingly sent from Google’s official no-reply@google.com address, warns recipients of suspicious account activity and urges them to verify their information. Security expert Nick Johnson first uncovered the scam, revealing that it bypasses Google’s security alerts, making it exceptionally dangerous.
The phishing email is designed to steal login credentials by redirecting users to a fake Google sign-in page. Johnson explained that the scam exploits two security vulnerabilities within Google’s infrastructure, allowing hackers to send emails that appear completely legitimate and even pass DKIM signature checks.
Google has acknowledged the issue and is reportedly working on a fix. Meanwhile, experts advise Gmail users to avoid clicking any suspicious links, report phishing attempts, and enable two-factor authentication (2FA) for added security.