News

Gmail users given ‘red alert’ warning over new phishing scam stealing data

News Room
News Room

GMAIL users have been issued a “red alert” warning over an advanced phishing scam which aims to steal your data.

Google has said it is currently working to stop the “extremely sophisticated attack” which looks incredibly real and could trick you into giving away sensitive personal information.

4

Gmail users have been warned over a new ‘sophisticated’ scam which aims to steal your personal informationCredit: Getty
Woman silhouetted against a large Google logo.

4

Google has said it is currently working on a fix to help protect usersCredit: AP
Gmail security alert: subpoena served on Google LLC regarding user account content.

4

Developer Nick Johnson showed how the scam was sent by a seemingly legitimate Google accountCredit: Google

Countless cyber crooks regularly try to catch out the billions of people who use Gmail, but the vast majority of these are caught and blocked by Google’s filters and spam protection.

This new phishing scheme is so advanced that is can bypass much of Google’s impressive security, meaning some users could be caught out.

Developer Nick Johnson says he was targeted by the attack, which consisted of a message which suggested a legal subpoena had been issued for him.

The scam also tells users that a copy of their Google account content needs to be produced.

While it may sound far-fetched, people may be inclined to trust the email as it comes from a seemingly valid Google account.

It is this level of hiding which concerns Nick the most.

In a thread on X, he explained: “The first thing to note is that this is a valid, signed email – it really was sent from [email protected].

“It passes the DKIM signature check, and Gmail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts.”

Google’s DKIM signature check normally filters any suspicious emails, by checking their source, and then places them in the spam folder, to ensure users are protected.

However, since this new scam can mask itself by generating a Google domain, the spam checker sees the email as having a legitimate origin.

More than one in four scammed adults felt embarrassed

This means the scam turns up in your regular inbox as a seemingly valid email, rather than ending up in the spam section.

Inside each email is an embedded link which, when clicked, takes users to a “very convincing” portal page where they are asked to sign in using their account name and password.

If any unfortunate users input their details at this step, the scammers will instantly gain access to the highly personal data.

Google has now confirmed it is rushing to release a fix that will stop its name and email address being used to attack Gmail account holders.

In a statement to Newsweek, a Google spokesperson said: “We’re aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week.

“These protections will soon be fully deployed, which will shut down this avenue for abuse.”

How to protect yourself from scams

BY keeping these tips in mind, you can avoid getting caught up in a scam:

  • Firstly, remember that if something seems too good to be true, it normally is.
  • Check brands are “verified” on Facebook and Twitter pages – this means the company will have a blue tick on its profile.
  • Look for grammatical and spelling errors; fraudsters are notoriously bad at writing proper English. If you receive a message from a “friend” informing you of a freebie, consider whether it’s written in your friend’s normal style.
  • If you’re invited to click on a URL, hover over the link to see the address it will take you to – does it look genuine?
  • To be on the really safe side, don’t click on unsolicited links in messages, even if they appear to come from a trusted contact.
  • Be careful when opening email attachments too. Fraudsters are increasingly attaching files, usually PDFs or spreadsheets, which contain dangerous malware.
  • If you receive a suspicious message then report it to the company, block the sender and delete it.
  • If you think you’ve fallen for a scam, report it to Action Fraud on 0300 123 2040 or use its online fraud reporting tool.

The tech giant however did not confirm when a solution would be rolled-out, so users should remain vigilant for these scammers.

This comes just days after WhatsApp users were issued with an urgent warning over a trick message that could let strangers access your texts and even empty your bank account.

The con is linked to those verification codes that you sometimes receive for logging in.

WhatsApp uses these codes for logging into the app itself.

And you’ll likely have been sent them over text for other services too, like Facebook, a TV app, or even your bank.

These texts are gold dust to cyber-criminals, as getting their hands on your code is an easy way to break into your accounts.

Now, WhatsApp is warning users to never share these codes with anyone else, as they’re a ticket straight into your account.

Gmail app icon on iPhone screen.

4

The Gmail scam appears to come from a legitimate Google emailCredit: Getty
Share This Article
Previous Article hWsxnssvhngyfssKynuss
Next Article Court rules against Google in advertising technology antitrust case – News
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Latest News

Why Developers Build Tools They Don’t Plan to Sell | HackerNoon
Computing
Best Internet Providers in Colorado Springs, Colorado
News
HPE and NVIDIA convene in Madrid the leaders of the business AI
Mobile
US Tech Visa Applications Are Being Put Through the Wringer
Gadget
Lost your password?