Critical Gmail Security Alert: Sophisticated Phishing Scam Targets 1.8B Users

Google has issued an urgent warning about a sophisticated phishing attack targeting Gmail's 1.8 billion users, putting personal data at risk.

The attack, first identified by Ethereum developer Nick Johnson, exploits Google's infrastructure to send deceptive emails that appear legitimate, even passing Gmail's security checks.

The scam involves emails that appear to come from Google's official no-reply address, claiming the recipient has received a legal subpoena requiring access to their account. The fraudulent messages are particularly convincing because they originate from what appears to be an authentic Google domain.

"The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com," Johnson explained on social media. Because the message carries a valid signature, it passes standard security checks, including Google's DKIM signature verification, instead of being flagged as a forgery.

When users click the embedded link, they're directed to a convincing replica of Google's support portal. The fake site prompts visitors to enter their login credentials, which are then harvested by attackers.

Google has acknowledged the threat and confirmed they are implementing protective measures. "We're aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse," a Google spokesperson stated.

To protect against such attacks, users are advised to:

  • Enable two-factor authentication
  • Implement passkeys for account security
  • Avoid clicking links in unexpected emails
  • Open websites directly rather than through email links
  • Be wary of requests for account credentials

Google emphasized that they never request account passwords, one-time codes, or push notification confirmations through email.

The company is working to deploy a comprehensive fix to prevent their domain from being exploited in similar attacks, though no specific timeline has been provided for the solution's implementation.