
Beware of New Sophisticated Google Gmail Phishing Scheme

  • Writer: Greg Meyers
  • Apr 19
  • 2 min read

Here we go again. A new and highly sophisticated Gmail phishing scheme is currently targeting users worldwide. It leverages artificial intelligence (AI) to craft convincing emails and phone calls that mimic legitimate Google communications. Even the FBI has issued a stark warning: "Do not click on anything" if you suspect a phishing attempt.


Phishing Scheme Specifics:


If you receive an email that appears to be a legitimate Google security alert, do not click anything in it. Delete it, and check your account directly instead (see the protection steps below). The attackers are reportedly abusing weaknesses in Google's email authentication so that the messages pass the usual sender checks and, on their face, look authentic enough to harvest a user's account credentials. For further details on this latest phishing scam, please read the article entitled "Don't Fall for This New Gmail Phishing Scheme" written by Emily Long of Lifehacker.com.


Key Features of the Scam:


  • AI-Generated Communications: Cybercriminals are using AI to create emails and voice messages that closely resemble official Google correspondence, making them difficult to distinguish from genuine communications.


  • Spoofed Senders: Attackers spoof caller IDs and email addresses so that calls and messages appear to originate from legitimate Google sources, including the genuine-looking address no-reply@accounts.google.com. This is why the sender address alone cannot be trusted.


  • Credential-Harvesting Pages on Google Infrastructure: Victims are directed to fraudulent websites hosted on legitimate Google platforms such as sites.google.com, where anyone can publish a page. The domain is genuinely Google's, but the content is the attacker's, and it is designed to harvest login credentials.


  • QR Code Phishing (Quishing): Some phishing emails include QR codes that, when scanned, lead to malicious sites designed to steal user information. A QR code hides the destination URL, so it cannot be checked by hovering.


  • Dynamic Email Abuse: Attackers are abusing Gmail's dynamic email features to create interactive phishing content that bypasses traditional security filters.


How to protect yourself against phishing scams that impersonate legitimate Google security alerts:


  • Verify the Sender's Address: Legitimate Google account emails come from addresses ending in @google.com or @accounts.google.com. Be cautious if the address looks unusual or contains misspellings, extra characters, or unfamiliar domains. Note the caveat from the scam features above: in this campaign the From address itself can show no-reply@accounts.google.com, so a correct-looking sender does not prove the email is genuine. Treat this check as a quick way to rule out crude fakes, not as proof of legitimacy.


  • Avoid Clicking Links Directly from Emails: Instead of clicking any links provided in the email, manually log into your Google account by typing https://myaccount.google.com/security into your browser to verify alerts and account activity. If a real security event occurred, it will be listed there.


  • Check URLs Carefully: Scammers often create URLs that closely resemble legitimate Google URLs (e.g., googIe.com with a capital I instead of google.com). Hover over links without clicking to preview the actual destination, and compare it with the text shown. Be aware that a link to sites.google.com is on a real Google domain but leads to a user-published page, never to your account settings; Google does not ask you to sign in on sites.google.com.


  • Enable Two-Factor Authentication (2FA): Enable Google's two-factor authentication, ideally using security keys or passkeys, or failing that an authenticator app (like Google Authenticator), instead of SMS-based verification. Security keys and passkeys are the strongest choice here because they are bound to the real site and will not work on a look-alike domain, whereas a one-time code can still be entered into a phishing page and relayed by the attacker.


  • Look Out for Urgency or Threatening Language: Phishing emails typically use urgency or threats like "your account will be suspended immediately." Genuine alerts from Google notify you clearly without aggressive tactics.


  • Report Suspicious Emails: Report phishing attempts directly to Google by forwarding phishing emails to phishing@google.com, and mark suspicious emails as spam or phishing within your email client.


  • Use Google's Security Checkup Tool: Regularly perform a security checkup at https://myaccount.google.com/security-checkup to review recent activity, connected devices and third-party app access.
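The sender and link checks in the list above can be done mechanically on a saved message. The script below is an added example written for this page, not code from the original post or from Google. It parses a constructed sample email (the text of the message is made up here), checks the From domain against the two Google domains the article names, extracts every link from the HTML body, and flags hosts that are not google.com or a subdomain, hosts containing non-ASCII characters (possible homoglyphs), links whose visible text points at a different host than the real destination, and the sites.google.com case where the domain is Google's but the page is user-published. The domain lists are assumptions taken from this article, not a complete list of Google infrastructure. Note what the result shows: the spoofed sender passes the address check, and only the link inspection exposes the phish.

```python
"""Offline triage of a suspected "Google security alert" email (added example)."""
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed from the article: domains Google sends account mail from.
GOOGLE_SENDER_DOMAINS = {"google.com", "accounts.google.com"}
# Google-owned hosts that serve pages anyone can publish (the article names sites.google.com).
USER_CONTENT_HOSTS = {"sites.google.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_google_host(host):
    """True only for google.com itself or a real subdomain of it (googie.com is not)."""
    return host == "google.com" or host.endswith(".google.com")


def triage(raw_email):
    """Return a list of human-readable findings; an empty list means nothing looked wrong."""
    msg = email.message_from_string(raw_email, policy=policy.default)
    findings = []

    # Step 1: the sender address. Passing this check is weak evidence, because the
    # header can be spoofed, but a wrong domain is an immediate red flag.
    from_addr = email.utils.parseaddr(str(msg["From"]))[1].lower()
    from_domain = from_addr.rsplit("@", 1)[-1]
    if from_domain not in GOOGLE_SENDER_DOMAINS:
        findings.append(f"sender domain {from_domain!r} is not a Google account-mail domain")

    # Step 2: the links, which is what "hover before you click" inspects.
    parser = LinkExtractor()
    parser.feed(msg.get_content())
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if not host.isascii():
            findings.append(f"{href}: non-ASCII characters in host {host!r} (possible homoglyph)")
        if not is_google_host(host):
            findings.append(f"{href}: host {host!r} is not google.com or a subdomain")
        elif host in USER_CONTENT_HOSTS:
            findings.append(f"{href}: {host} hosts user-created pages, not Google account settings")
        # Visible text that looks like a URL but names a different host than the real target.
        shown = urlparse(text).hostname if text.startswith("http") else None
        if shown and shown.lower() != host:
            findings.append(f"{href}: visible text points at {shown}, link goes to {host}")
    return findings


# Constructed sample message modelled on the features the article describes:
# a genuine-looking From address, urgency language, a sites.google.com landing
# page disguised as an accounts.google.com link, and a homoglyph domain.
SAMPLE_EMAIL = """\
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert: your account will be suspended immediately
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Unusual activity was detected. Review it now or your account will be suspended immediately:</p>
<a href="https://sites.google.com/u/0/d/AbCdEf/p/XyZ">https://accounts.google.com/security/review</a>
<p>Or sign in at <a href="https://googIe.com/signin">Google Sign-in</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print("FLAG:", finding)
```

Running the block against the sample prints three findings: the sites.google.com landing page, the mismatch between the displayed accounts.google.com text and the real destination, and the googIe.com host. The sender check raises nothing, which is exactly the point of the caveat above.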
