Gmail that mimics official Google Emails
A new scam is circulating among Gmail users through emails appearing to come from the legitimate Google address no-reply@google.com. These emails mimic real security alerts, urging users to “review activity” to avoid account suspension. The phishing attack exploits trusted domain infrastructure, bypassing basic authenticity checks and appearing in Gmail threads alongside genuine Google alerts. Clicking the embedded link directs users to a fake login page designed to capture credentials.
- Modus Operandi
1. Spoofing the Source: Attackers send emails that appear to originate from no-reply@google.com. Due to technical manipulation, these messages can pass DomainKeys Identified Mail (DKIM) verification checks and bypass Gmail’s phishing filters. This gives the appearance of legitimacy, as the emails blend seamlessly into authentic security alert threads.
2. Psychological Pressure: The email often warns users of "suspicious activity" regarding their account and threatens to suspend access within 24 hours mentioning that a legal warrant (subpoena) has been issued against the individual for his Google account data. This urgency is meant to induce panic, pushing users to act quickly without verifying the authenticity of the alert.
3. Deceptive Design: The email is designed to replicate Google’s official security messages using branding, layout, and phrasing that mirrors legitimate notifications. It includes a “Review Activity” button that links to a malicious page.
4. Phishing Execution: When the user clicks the link, they’re redirected to a fake Google login page. It closely resembles the real sign-in portal but is controlled by cybercriminals. If the user enters their credentials here, the information is immediately captured.
5. Post-Compromise Actions: Once the attacker gains access, they can:
◦ View or steal emails and files.
◦ Change recovery settings.
◦ Impersonate the user to send further phishing emails.
◦ Access other services linked to the Gmail account.
Image Reference: Gmail Users Face Serious Risk Of Being Hacked: Beware Of These Emails In Your Inbox - News18