GMAIL users have been hit with a ‘red alert’ warning and urged to ‘remain vigilant’ amid a new scam stealing sensitive information.
The long-standing mail platform has more than a billion worldwide users.
Countless cyber crooks regularly try to catch out the billions of people who use Gmail, but the vast majority of these are caught and blocked by Google’s filters and spam protection.
This latest threat would see criminals deceive users while stealing their valuable data.
But how exactly is this scam even pulled off?
The deception begins with a phone call and scammers claiming to be from Google.
From there, the caller attempts to access the would-be victim’s Google account by claiming an account details change needs verification.
The actual objective is securing the two-factor authentication code sent by Google upon the user’s request.
Should the crooks receive this, they will be able to hack the account and lock out the real user.
In a statement to Forbes, Google said: “We’ve hardened our defenses to protect users from this type of abuse and suspended accounts that have misused Google services in these scams.
“But we encourage all users to remain vigilant – please reiterate to your readers that Google will not call you to reset your password or troubleshoot account issues.”
Last month, Gmail users were given a “red alert” over a sophisticated phishing scam.
This new phishing scheme was so advanced that it could bypass much of Google’s impressive security, meaning some users could be caught out.
Google said it was working to stop the “extremely sophisticated attack” which looked incredibly real and could trick you into giving away sensitive personal information.
Developer Nick Johnson said he was targeted by the attack, which consisted of a message suggesting a legal subpoena had been issued for him.
The scam also told users that a copy of their Google account content needed to be produced.
Although this sounds far-fetched, people may have been inclined to trust the email because it came from a seemingly valid Google account.
How to protect yourself from scams
BY keeping these tips in mind, you can avoid getting caught up in a scam:
- Firstly, remember that if something seems too good to be true, it normally is.
- Check brands are “verified” on Facebook and Twitter pages – this means the company will have a blue tick on its profile.
- Look for grammatical and spelling errors; fraudsters are notoriously bad at writing proper English. If you receive a message from a “friend” informing you of a freebie, consider whether it’s written in your friend’s normal style.
- If you’re invited to click on a URL, hover over the link to see the address it will take you to – does it look genuine?
- To be on the really safe side, don’t click on unsolicited links in messages, even if they appear to come from a trusted contact.
- Be careful when opening email attachments too. Fraudsters are increasingly attaching files, usually PDFs or spreadsheets, which contain dangerous malware.
- If you receive a suspicious message then report it to the company, block the sender and delete it.
- If you think you’ve fallen for a scam, report it to Action Fraud on 0300 123 2040 or use its online fraud reporting tool.
Johnson explained in a thread on X: “The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com.
“It passes the DKIM signature check, and Gmail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts.”
In a statement to Newsweek, a Google spokesperson said at the time: “We’re aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week.
“These protections will soon be fully deployed, which will shut down this avenue for abuse.”