Gmail to be shut down
If you are a Gmail user, read this carefully! Google has issued a warning about a new phishing scam that is becoming common on the platform. This phishing campaign cleverly mimics official emails and bypasses standard security checks. The aim of these phishing attacks is to steal user credentials, and the scammers use convincing messages from what appears to be a legitimate Google email address so that people end up trusting them.
Software developer Nick Johnson was one of the first to flag the issue on X (formerly Twitter). He received an email from “no-reply@google.com” claiming a legal subpoena had been issued for his Google Account. The email contained a link that led to a fake Google support page hosted on sites.google.com, a Google-owned domain. This made the mail look more authentic.
Google has raised an alarm because the email passed Google’s own security checks, including DomainKeys Identified Mail (DKIM). The email also appeared within the same Gmail thread as real security alerts, making it extremely difficult to distinguish from a genuine warning.
If someone trusts these emails and goes to the fake website, a sign-in page appears. Credentials entered there give scammers full access to the victims’ Gmail accounts and linked data. Google further revealed that this threat exploits OAuth and DKIM in a new way. The company is currently rolling out fixes and says protections will be fully deployed soon. Meanwhile, users are urged to exercise caution.
Until Google rolls out an update, users should avoid clicking on suspicious links and instead log in directly via the official Google website. Furthermore, users should enable two-factor authentication and passkeys for added security.
Stay safe online and always stay alert: even the most authentic-looking emails and websites can turn out to be scams.
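An added example, not part of the original article or any Google tooling: a small Python check showing why a DKIM pass for google.com is not enough on its own, by also looking at where the message's links lead. The sample message, the two host lists and the function names are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample (not the real phishing email): DKIM passes for google.com,
# yet the only link points at user-published content on sites.google.com.
SAMPLE = """\
From: no-reply@google.com
To: user@example.com
Subject: Security alert
Authentication-Results: mx.example.net; dkim=pass header.d=google.com; spf=pass
Content-Type: text/plain

A subpoena was served on your account. Review the case:
https://sites.google.com/view/constructed-example/case
"""

# Assumption: hosts where anyone can publish pages under a trusted parent domain.
USER_CONTENT_HOSTS = {"sites.google.com"}
# Assumption: hosts a genuine Google account notice is expected to link to.
SIGN_IN_HOSTS = {"accounts.google.com", "myaccount.google.com"}

def dkim_domains(msg):
    # Only trust Authentication-Results headers stamped by your own receiving server.
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", value, re.I):
            found.add(m.group(1).lower())
    return found

def link_hosts(msg):
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            hosts += [(urlparse(u).hostname or "").lower()
                      for u in re.findall(r"https?://[^\s\"'<>]+", text)]
    return hosts

def assess(raw):
    msg = message_from_string(raw)
    findings = []
    for host in link_hosts(msg):
        if host in USER_CONTENT_HOSTS:
            findings.append(f"{host}: user-published page, not an official sign-in host")
        elif host not in SIGN_IN_HOSTS:
            findings.append(f"{host}: not an expected sign-in host")
    return {"dkim_pass": sorted(dkim_domains(msg)), "suspicious": bool(findings), "findings": findings}
```

On the constructed sample, `assess(SAMPLE)` reports a DKIM pass for google.com and still marks the message suspicious because of its link target.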