Google is warning its nearly two billion Gmail users to immediately delete a concerning email that tries to look like it comes from Google itself.
The new scam is called a ‘no-reply’ email attack because victims receive a message that appears to come from Google’s own address, no-reply@accounts.google.com, and unlike most fakes it passes Gmail’s sender checks.
Inside the email, recipients will find a notice claiming that Google has been subpoenaed by law enforcement to release everything in the user’s account.
The email even contains a link to what looks like a Google support page with all the details of the supposed legal case against you.
However, company officials have said it’s all a fake, created by online scammers looking to gain access to a victim’s personal information.
The attack is triggered when Gmail users click the link and try to view or download the phony legal documents.
To do so they are asked to sign in on a page that copies Google’s login screen, and anyone who does unknowingly hands the scammers their Google password, and with it the ability to read their emails and open their files.
In some cases the fake Google files offered for download are malware, harmful software that can steal even more information, including passwords and bank details.
Google has warned all Gmail users that a new attack looks like a legal email coming from Google but it’s actually a scam
According to Nick Johnson, a software developer who previously worked at Google and now leads the Ethereum Name Service (ENS) project, the scammers pull this off by exploiting Google’s own systems.
Specifically, the attack abuses Google OAuth, the mechanism that lets third-party apps access Google accounts with the user’s permission.
Scammers register a web address that looks similar to Google’s, set up a Google account on it, and register their own OAuth app with Google, giving the app a ‘name’ that is actually the full text of the bogus legal notice.
When the scammers grant that app access to their own account, Google’s system sends them a genuine security-alert email, signed with Google’s own DKIM key, which repeats the app’s name and therefore the scam text. They then forward that email to victims through an ordinary third-party mail service; because the message itself is unchanged, Google’s signature still checks out and the email passes Gmail’s authentication checks.
The scam email includes a link to a fake Google Support page hosted on Google’s own sites.google.com, where anyone with a Google account can publish pages, which makes it seem trustworthy.
When a Gmail user clicks on the link, the attack begins. The link takes them to a page on sites.google.com dressed up as Google’s official support portal for the supposed case.
Buttons on that page offering to view the case or upload documents lead to a sign-in page that is a near-exact copy of Google’s real login screen.
By entering their Google password there to view the phony subpoena, the victim unknowingly hands the scammer their credentials, allowing them to read emails and access the user’s private files.
The email scam pretends to notify the victim that their account information has been subpoenaed by law enforcement, tricking the user into clicking a harmful link
The information that can be stolen in this phishing attack varies depending on what the victim types in, clicks or downloads.
In the worst case scenarios, downloading malware into your device can give cybercriminals an open door to steal passwords, access financial records in banking apps, and even hijack the device itself by locking the user out remotely.
Johnson explained on X that the key mistake users make is trusting the email and clicking the link.
To stay safe, Gmail users should check the email carefully before following any of its instructions.
Look at the ‘to’ and ‘mailed-by’ fields in the email details (in Gmail, expand the sender line or choose ‘Show original’). In a genuine notice both belong to Google; if the message was mailed by an unrelated domain or addressed to a stranger’s account, it’s a scam. Don’t rely on the ‘signed-by’ field alone: it will still say accounts.google.com, because the signature really is Google’s.
Cybersecurity company Kaspersky added that the ‘to’ addresses typically start with ‘me.’ For example, me@googl-mail-smtp-out-198-142-125-38-prod.net.
While the address obviously seems suspicious, the only thing many Gmail users will see is ‘me’ in their inbox, and that can confuse many people into thinking the message comes from someone they know.
Once they open it, they’re confronted with a phony legal notice that scares them into taking action immediately.
The emails can be spotted by their suspicious sender addresses, which typically start with the word ‘me’
The cyber experts are urging anyone with a Google account to never click on a suspicious link inside an email.
Moreover, never download material online unless it’s coming from a trusted source on a legitimate website.
If you’re unsure, go directly to Google’s official website by typing support.google.com into your browser, not clicking a link in an email.
Using a good antivirus program can also help catch these phishing emails before they cause harm.
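As an added example (not code from the article, Google, Kaspersky or Johnson), the Python script below applies the ‘to’, ‘mailed-by’ and link checks above to a raw message. It runs offline on two constructed messages, not real captures: the first imitates the pattern described, a Google From address and a passing Google DKIM signature but a third-party relay (what Gmail shows as ‘mailed-by’, taken here from the SPF result) and a ‘me@…’ recipient; the second is a benign notice for comparison. The relay domain example-relay.net, the recipient addresses and the link paths are invented.

```python
"""Header and link checks for a Google-branded 'legal notice' email.

Added example, not code from the article, Google or Kaspersky. The two raw
messages below are constructed, not real captures: the relay domain
example-relay.net, the recipient addresses and the link paths are invented.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Google-operated hosts a genuine account notice might link to.
FIRST_PARTY_HOSTS = {"accounts.google.com", "myaccount.google.com", "support.google.com"}
# Google hosts where any account holder can publish their own pages.
USER_CONTENT_HOSTS = {"sites.google.com", "docs.google.com", "drive.google.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed scam message: Google From address and a passing Google DKIM
# signature, but relayed by a non-Google domain and addressed to 'me@...'.
SCAM = """\
Delivered-To: victim@gmail.com
Authentication-Results: mx.google.com;
       dkim=pass header.i=@accounts.google.com header.s=20230601;
       spf=pass smtp.mailfrom=forwarder@example-relay.net
Return-Path: <forwarder@example-relay.net>
From: Google <no-reply@accounts.google.com>
To: me@googl-mail-smtp-out-198-142-125-38-prod.net
Subject: Security alert
Content-Type: text/plain; charset=utf-8

Google has been subpoenaed to release the contents of your account.
View the case file: https://sites.google.com/view/example-case-portal
"""

# Constructed benign notice for comparison: relay, recipient and link all Google-side.
BENIGN = """\
Delivered-To: victim@gmail.com
Authentication-Results: mx.google.com;
       dkim=pass header.i=@accounts.google.com header.s=20230601;
       spf=pass smtp.mailfrom=no-reply@accounts.google.com
Return-Path: <no-reply@accounts.google.com>
From: Google <no-reply@accounts.google.com>
To: victim@gmail.com
Subject: Security alert
Content-Type: text/plain; charset=utf-8

A new sign-in was detected. Review it at https://myaccount.google.com/notifications
"""


def _domain(header_value):
    """Lower-cased domain of an address header such as From or Return-Path."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _is_google(domain):
    return domain == "google.com" or domain.endswith(".google.com")


def _body_text(msg):
    """Plain-text body, walking multipart messages if necessary."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            chunks.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    return "\n".join(chunks)


def analyze_message(raw, my_address):
    """Return a list of findings; an empty list means nothing looked off."""
    msg = message_from_string(raw)
    findings = []
    auth = msg.get("Authentication-Results", "")

    # Gmail's 'mailed-by' is the SPF (envelope sender) domain; fall back to Return-Path.
    from_domain = _domain(msg["From"])
    m = re.search(r"smtp\.mailfrom=(?:[^@\s]+@)?([^\s;]+)", auth)
    relay_domain = m.group(1).lower() if m else _domain(msg["Return-Path"])

    # 1. Sender claims Google, envelope sender does not match.
    if _is_google(from_domain) and not _is_google(relay_domain):
        findings.append(f"from {from_domain} but mailed by {relay_domain or 'unknown'}")

    # 2. Valid Google DKIM signature on a third-party relay: the replay pattern.
    #    The signature proves Google once sent this message, not that it sent it to you.
    if re.search(r"\bdkim=pass\b", auth) and "header.i=@accounts.google.com" in auth \
            and not _is_google(relay_domain):
        findings.append("Google DKIM signature replayed through a non-Google relay")

    # 3. 'To' is someone else's address, typically me@<attacker domain>.
    to_addr = parseaddr(msg["To"] or "")[1].lower()
    if to_addr and to_addr != my_address.lower():
        findings.append(f"addressed to {to_addr}, not {my_address}")

    # 4. Real notices link to Google-operated pages, not user-published ones.
    for url in URL_RE.findall(_body_text(msg)):
        host = (urlparse(url).hostname or "").lower()
        if host in USER_CONTENT_HOSTS:
            findings.append(f"link to user-published page on {host}")
        elif host not in FIRST_PARTY_HOSTS:
            findings.append(f"link to non-Google host {host}")
    return findings


if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(label, analyze_message(raw, "victim@gmail.com"))
```

The point of check 2 is the one the article’s ‘mailed-by’ advice rests on: a passing DKIM result from accounts.google.com is exactly what this scam delivers, so the signal is the mismatch between who signed the message and who relayed it, not the signature itself. The constructed scam message trips all four checks; the benign one trips none.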
Google is also urging its 1.8 billion users to check their security settings and to add passkeys to their accounts in place of older two-factor authentication methods.
Passkeys are a passwordless, phishing-resistant technology that uses cryptographic keys stored on a user’s devices and unlocked with the device’s own screen lock, such as a fingerprint, face scan or PIN. Because a passkey only works for the website that registered it, there is nothing to type into a lookalike login page like the one used in this scam.
Tech giants like Microsoft have argued that passkeys are now safer than two-factor authentication, which typically involves sending a one-time code to your phone or email when signing in.