New Gmail phishing scam exploits Google’s own tools—Here’s how to stay safe

A sophisticated phishing scam is targeting Gmail users worldwide, and it’s particularly dangerous because the emails appear to come directly from Google. This scam bypasses traditional security filters and can trick even vigilant users into handing over sensitive information.
What’s Happening?
Cybercriminals are sending emails that seem to originate from no-reply@google.com, warning recipients of a supposed subpoena related to law enforcement accessing their Google Account. These emails are crafted using Google’s own Sites platform, making them look authentic and allowing them to bypass Gmail’s DomainKeys Identified Mail (DKIM) security checks.
DomainKeys Identified Mail (DKIM) is an email authentication method designed to verify that an email was genuinely sent by the domain it claims to originate from. It works by adding a digital signature to the headers of outgoing messages. Email providers can then check this signature against a public key stored in the domain's DNS records to confirm authenticity. DKIM is critical for email security because it helps prevent email spoofing, a technique commonly used in phishing and spam attacks. By ensuring messages are genuinely from the sender they claim to be, DKIM helps users avoid falling victim to fraudulent emails that can compromise personal data and security.
The scammers start from a legitimate message that Google really sent, then forward and alter it in a way that appears to keep the message's authentic DKIM signature intact. The links in that message lead to fake support pages hosted on sites.google.com, not the genuine accounts.google.com domain.
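A DKIM pass only proves which domain signed the message; it says nothing about where the links inside it lead. The following triage routine is an added example (not Bitdefender's or Google's code) that reads a constructed message modelled on this scam, records the DKIM result from the Authentication-Results header, and flags any link whose host is the user-publishable sites.google.com rather than accounts.google.com:

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample modelled on the scam described above; the DKIM-Signature
# values are placeholders, not a real signature.
SAMPLE_EMAIL = """\
From: Google <no-reply@google.com>
To: someone@example.com
Subject: Notice of subpoena regarding your Google Account
Authentication-Results: mx.example.com; dkim=pass header.d=google.com
DKIM-Signature: v=1; a=rsa-sha256; d=google.com; s=placeholder; bh=PLACEHOLDER; b=PLACEHOLDER
Content-Type: text/plain; charset=utf-8

Law enforcement has served a subpoena for the contents of your Google Account.
Review the request at https://sites.google.com/view/account-review-placeholder/home.
"""

GENUINE_ACCOUNT_HOST = "accounts.google.com"   # where real Google account pages live
USER_CONTENT_HOSTS = {"sites.google.com"}      # Google-owned host where anyone can publish a page
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def dkim_passed(msg):
    """True if the receiving server recorded dkim=pass for this message."""
    return any(re.search(r"\bdkim=pass\b", v) for v in msg.get_all("Authentication-Results", []))

def extract_links(msg):
    """Collect every http(s) URL from the text parts, stripping trailing punctuation."""
    links = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            links.extend(u.rstrip(".,;)") for u in URL_RE.findall(text))
    return links

def triage(raw_message):
    """Judge the link destinations independently of the DKIM verdict: a signed
    message whose 'account' links land on a user-published Google Sites page is phishing."""
    msg = message_from_string(raw_message)
    flagged = [u for u in extract_links(msg)
               if (urlparse(u).hostname or "").lower() in USER_CONTENT_HOSTS]
    verdict = ("phishing: account notice links to a user-published Google Sites page"
               if flagged else "no user-hosted Google link found")
    return {"dkim_pass": dkim_passed(msg), "flagged_links": flagged, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL))
```

The same check can be pointed at a real .eml file by reading it into a string; a genuine notice whose links stay on accounts.google.com produces an empty flagged list.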
How to protect yourself
- Enable Two-Factor Authentication (2FA): Adding an extra layer of security can prevent unauthorized access even if your credentials are compromised.
- Use Passkeys: Passkeys provide a more secure and convenient way to sign in, reducing reliance on passwords.
- Verify URLs carefully: Always check the domain of any link before clicking. Official Google account pages use accounts.google.com.
- Be skeptical of urgent requests: Google will never send unsolicited messages asking for your password or personal information.
- Report suspicious emails: Use Gmail’s built-in tools to report phishing attempts, helping to improve security for everyone.
Stay informed and vigilant
This scam is a reminder that even emails appearing to come from trusted sources can be fraudulent. Always approach unexpected messages with caution, and take the time to verify their authenticity.
Double-check suspicious conversations with the free Scamio service
To further protect yourself, consider using Bitdefender’s Scamio, a free tool designed to help you identify and avoid online scams. By analyzing suspicious messages and websites, Scamio provides guidance on potential threats.
Additionally, sharing information about new scams with the community can help others stay safe. If you encounter a novel phishing attempt, report it through Scamio to contribute to collective cybersecurity awareness, and share your findings with the community in the comments as well.