Gmail users face a phishing scam using verified Google email addresses and faked support pages. The attack bypasses authentication, looks legitimate. Google urges users to enable 2FA and use passkeys.
Google has issued an important warning to all Gmail users. The warning highlights a new phishing campaign that uses legitimate-looking emails to bypass security checks and trick recipients into handing over their account credentials.
Google has acknowledged the threat and the cyber security team working to roll out protections. Still, users are urged to stay vigilant, especially when responding to emails that appear to come from trusted sources like Google itself.
The attack came to light when software developer Nick Johnson posted on X about receiving an official-looking email from “no-reply@google.com” that claimed a subpoena had been issued for his Google Account data. The email included a link to what appeared to be a legitimate Google support page. In reality, the page was a phishing site hosted on Google's own platform, sites.google.com.
What made the email particularly convincing was that it passed Google's authentication checks, including DomainKeys Identified Mail (DKIM). The phishing message was also delivered in the same Gmail conversation thread as real Google security alerts, adding to its perceived legitimacy.
Clicking the link led users to a cloned Google sign-in page hosted on a Google subdomain. The page was designed to download login credentials. If entered, those credentials would give attackers full access to the user's Gmail and associated personal sensitive data.
Google's response
Google has acknowledged the phishing campaign and confirmed that it exploited OAuth and DKIM mechanisms in a novel way. In a statement, the company said it is “rolling out protections” to stop this specific threat and expects the fix to be “fully deployed” soon. Google is also encouraging users to enable two-factor authentication and adopt passkeys to strengthen account security.
Why is this important for webdesign service providers?
The incident highlights how hackers are increasingly using legitimate infrastructure, like Google's own domains, to make phishing attempts harder to detect. Even advanced security features can be bypassed when the source appears trustworthy and familiar.
Not only google, well known service providers such as godaddy, wordpress, weebly, website, yahoo, odoo and so on. Are needs to be on high alert and protect customers from such incidents.
What Gmail and other email platform users should do?
Until Google's update is fully rolled out, Gmail users are advised to avoid clicking on links in unsolicited security alerts. The same goes to other email platforms which is in-house service for domain purchasers. Users should verify suspicious emails by logging into their accounts directly through the official Google website. Activating two-factor authentication and passkeys adds a further layer of protection against credential theft.
