1 hour ago
1 
GMAIL users have been issued a “red alert” warning over an advanced phishing scam which aims to steal your data.
Google has said it is currently working to stop the “extremely sophisticated attack” which looks incredibly real and could trick you into giving away sensitive personal information.
GettyGmail users have been warned over a new ‘sophisticated’ scam which aims to steal your personal information[/caption]
APGoogle has said it is currently working on a fix to help protect users[/caption]
GoogleDeveloper Nick Johnson showed how the scam was sent by a seemingly legitimate Google account[/caption]
Countless cyber crooks regularly try to catch out the billions of people who use Gmail, but the vast majority of these are caught and blocked by Google’s filters and spam protection.
This new phishing scheme is so advanced that is can bypass much of Google’s impressive security, meaning some users could be caught out.
Developer Nick Johnson says he was targeted by the attack, which consisted of a message which suggested a legal subpoena had been issued for him.
The scam also tells users that a copy of their Google account content needs to be produced.
While it may sound far-fetched, people may be inclined to trust the email as it comes from a seemingly valid Google account.
It is this level of hiding which concerns Nick the most.
In a thread on X, he explained: “The first thing to note is that this is a valid, signed email – it really was sent from [email protected].
“It passes the DKIM signature check, and Gmail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts.”
Google’s DKIM signature check normally filters any suspicious emails, by checking their source, and then places them in the spam folder, to ensure users are protected.
However, since this new scam can mask itself by generating a Google domain, the spam checker sees the email as having a legitimate origin.
This means the scam turns up in your regular inbox as a seemingly valid email, rather than ending up in the spam section.
Inside each email is an embedded link which, when clicked, takes users to a “very convincing” portal page where they are asked to sign in using their account name and password.
If any unfortunate users input their details at this step, the scammers will instantly gain access to the highly personal data.
Google has now confirmed it is rushing to release a fix that will stop its name and email address being used to attack Gmail account holders.
In a statement to Newsweek, a Google spokesperson said: “We’re aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week.
“These protections will soon be fully deployed, which will shut down this avenue for abuse.”
How to protect yourself from scams
BY keeping these tips in mind, you can avoid getting caught up in a scam:
The tech giant however did not confirm when a solution would be rolled-out, so users should remain vigilant for these scammers.
This comes just days after WhatsApp users were issued with an urgent warning over a trick message that could let strangers access your texts and even empty your bank account.
The con is linked to those verification codes that you sometimes receive for logging in.
WhatsApp uses these codes for logging into the app itself.
And you’ll likely have been sent them over text for other services too, like Facebook, a TV app, or even your bank.
These texts are gold dust to cyber-criminals, as getting their hands on your code is an easy way to break into your accounts.
Now, WhatsApp is warning users to never share these codes with anyone else, as they’re a ticket straight into your account.
GettyThe Gmail scam appears to come from a legitimate Google email[/caption] 
Bengali (Bangladesh) · 
English (United States) ·