Gmail warning comes around again. (Photo: NurPhoto via Getty Images)
Gmail users face a new tidal wave of warnings as a dangerous new account threat makes headlines again. Gmail accounts are prized by hackers as a valuable store of information and as a gateway to other platforms and services. New and “nearly perfect” AI threats mean those accounts are now at risk — make sure you don’t lose yours.
A new alert from Kaspersky has just warned Gmail users that “law enforcement agencies are interested in your account.” This is making headlines, with reports (1,2) of “hackers abusing Google Services to send malicious law enforcement requests.”
The attack itself was first reported in April, when a crypto engineer warned he “was targeted by an extremely sophisticated phishing attack” which “exploits a vulnerability in Google’s infrastructure.” At the time, it seemed Google was “refusing to fix it,” and so Ethereum’s Nick Johnson suggested “we’re likely to see it a lot more.”
“Imagine,” Kaspersky says, “you receive a letter notifying you that Google has received a summons from law enforcement agencies demanding the contents of your account. The letter looks quite ‘Google-like’, and the sender’s address is quite respectable — no-reply@accounts.google.com. Inside, a slight feeling of panic immediately wakes up (at the least), doesn’t it?”
The attack is cleverly constructed. “Even the link looks quite plausible — the address includes the official Google domain and the support ticket number mentioned above. Only sophisticated users will notice the catch: all Google support pages are located on support.google.com, but the link leads to a certain sites.google.com. The attackers are counting on those users who do not understand such details.”
But the objective is simple. As I explained last month, it links to a Google-hosted credential phishing page that mimics the real thing, but which takes over your account.
Kaspersky highlights the following telltale signs:
- The address of the fake support page: sites.google.com.
- While the sender is the official Google address, no-reply@accounts.google.com, “just one line below, in the To field, is not the address of the real recipient of this letter but something much more suspicious: me[@]googl-mail-smtp-out-198-142-125-38-prod[.]net.”
- In the mailed-by field “we also encounter a suspicious address, which is certainly not related to Google: fwd-04-1.fwd.privateemail[.]com.”
But as Kaspersky says, “all these signs are quite difficult to notice for an ordinary layman, especially if he is frightened by the prospect of trouble with law enforcement agencies. Even more confusion is added by the fact that the fake letter is signed by Google itself — accounts.google.com is indicated in the signed-by field.”
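The header and link checks Kaspersky lists can be automated for mail triage. The script below is an added example (not Kaspersky's or Google's code) that reads a raw message and flags exactly those signs: a Google From address whose To field is not the real recipient, a mailed-by domain outside Google, and a "support" link that lands on sites.google.com rather than support.google.com, while recording the signed-by domain as context only, since a genuine-looking DKIM signer does not cancel the other mismatches. Both sample messages are constructed for this example using the addresses and domains quoted above; Gmail's mailed-by is approximated here with the Return-Path header and signed-by with the DKIM-Signature `d=` tag, which is an assumption about how those fields are derived.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample lure reusing the addresses and domains the article quotes.
SAMPLE_EMAIL = """\
Return-Path: <bounce@fwd-04-1.fwd.privateemail.com>
Received: from fwd-04-1.fwd.privateemail.com ([192.0.2.10])
 by mx.example.net with ESMTPS id abc123; Mon, 21 Apr 2025 10:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=accounts.google.com; s=20230601;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Google <no-reply@accounts.google.com>
To: me@googl-mail-smtp-out-198-142-125-38-prod.net
Subject: Security alert: law enforcement request for your account
Content-Type: text/html; charset=utf-8

<p>Google has received a subpoena for the contents of your account.</p>
<p>Review the case: <a href="https://sites.google.com/view/case-12345">Open case</a></p>
"""

# Constructed control message with consistent headers and a real support host.
LEGIT_EMAIL = """\
Return-Path: <bounce@accounts.bounces.google.com>
DKIM-Signature: v=1; a=rsa-sha256; d=accounts.google.com; s=20230601;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Google <no-reply@accounts.google.com>
To: victim@example.net
Subject: Security alert
Content-Type: text/html; charset=utf-8

<p>See <a href="https://support.google.com/accounts/answer/1">help</a>.</p>
"""

SUPPORT_HOST = "support.google.com"


def _domain(header_value):
    """Lowercase domain part of the first address in a header value."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def _is_google(host):
    return host == "google.com" or host.endswith(".google.com")


def triage(raw, recipient):
    """Return (findings, verdict, context) for one raw RFC 5322 message.

    `recipient` is the mailbox that actually received the message; the
    second telltale sign is that the To: field shows something else.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    from_domain = _domain(msg["From"])
    to_addr = parseaddr(str(msg["To"] or ""))[1].lower()
    mailed_by = _domain(msg.get("Return-Path"))  # assumed stand-in for Gmail's mailed-by
    m = re.search(r"\bd=([^;\s]+)", str(msg.get("DKIM-Signature", "")))
    signed_by = m.group(1).lower() if m else ""  # assumed stand-in for Gmail's signed-by

    claims_google = _is_google(from_domain)
    if claims_google and to_addr != recipient.lower():
        findings.append(f"To: field is {to_addr!r}, not the real recipient")
    if claims_google and not _is_google(mailed_by):
        findings.append(f"mailed-by {mailed_by!r} is not a Google domain")

    # Links: real support pages live on support.google.com, not sites.google.com.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for url in re.findall(r'href="([^"]+)"', html):
        host = (urlparse(url).hostname or "").lower()
        if host == "sites.google.com":
            findings.append(f"support link points at {host}, not {SUPPORT_HOST}")
        elif not _is_google(host):
            findings.append(f"link leaves Google entirely: {host}")

    # A plausible signed-by is recorded for the analyst but never clears the message.
    context = f"signed-by={signed_by or 'none'}; from={from_domain}"
    verdict = "LIKELY PHISH" if findings else "no header/link mismatch found"
    return findings, verdict, context


if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_EMAIL), ("control", LEGIT_EMAIL)):
        findings, verdict, context = triage(raw, "victim@example.net")
        print(f"{label}: {verdict} | {context}")
        for finding in findings:
            print("  -", finding)
```

Run against the constructed lure it reports three findings (To mismatch, non-Google mailed-by, sites.google.com link) alongside a signed-by of accounts.google.com, which is the combination Kaspersky describes; the control message produces none. In production the same logic belongs in a mail gateway rule or a SIEM parser fed the raw headers, since, as the article notes, an ordinary recipient under pressure is unlikely to read these fields.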
Google has pushed out a fix. “We’re aware of this class of targeted attack,” it confirms, “and have been rolling out protections for the past week. These protections will soon be fully deployed, which will shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”
But more importantly, Google will not reach out to you in this way, and will never ask for your account credentials or send you to a page where you can enter them. It has emphasized this repeatedly, especially when it comes to account security and tech support issues. If you ever receive a communication with any lure purporting to come from Google, access your account using normal channels and reach out to them directly.
That’s only if you can’t dismiss it as a scam right away and delete the message. Ironically, in tandem with this story breaking again, Google has also confirmed new scam defenses rolling out to Chrome, using on-device AI to intercept scams in real time. This latest one is exactly the type of message such defenses need to block.