If you get this email from Google, a new sophisticated scam has begun
Watch out for this convincing phishing attack disguised as an official Google message; Google confirms it’s working on a fix.

Beware: this email looks like it comes from Google, but it does not. Attackers keep refining their methods for stealing personal information, and email phishing remains one of their favorite weapons. This time, a highly sophisticated scam has caught even seasoned developers off guard.
Developer Nick Johnson recently shared that he was the target of “an extremely sophisticated phishing attack that exploits a vulnerability in Google’s infrastructure.”
The fake email appears to come from no-reply@accounts.google.com, a legitimate Google address. It passes DKIM signature checks, so Gmail does not flag it as suspicious, and it even lands in the same thread as the user's genuine Google security alerts.

How the scam works
The email claims that Google has received a subpoena requesting access to the user's Google account. It includes a link to a fake but convincing "support portal" hosted on sites.google.com; because the page sits under google.com, the address looks official and gives users a false sense of security.
Clicking options such as "Add additional documents" or "View case" leads to what looks like a Google sign-in page. Any credentials entered there are presumably harvested by the attackers.

Why it’s so dangerous
Johnson points out that two flaws in Google's infrastructure are being exploited:
- Sites.google.com is still vulnerable: it lets anyone host content with arbitrary scripts and embedded elements.
- There is no way to report phishing from the Sites interface, so scammers can quickly re-upload a fresh copy whenever an old one is taken down.
The use of Google OAuth language and formatting, including referring to the sender as “Me,” makes the email seem even more authentic.
What is Google doing about it?
Johnson reported the issue to Google. A spokesperson confirmed to Newsweek:
“We are aware of this type of targeted attack by the threat actor Rockfoils and have been implementing protections over the past week. These protections will be fully rolled out soon, eliminating this attack vector.”

What you can do to stay safe
- Always double-check the sender address (the actual address, not just the display name), even if it looks legitimate.
- Don't click on suspicious links, especially in emails you weren't expecting.
- Avoid entering login credentials on unfamiliar pages, even if they appear to be hosted on a Google domain such as sites.google.com.
- Use two-factor authentication to protect your accounts.
- Report suspicious activity to Google immediately using their phishing report form.
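As an added example (not from the article, from Johnson or from Google), the check below makes the first and third of those steps concrete for an incoming message, and also explains the DKIM point raised earlier. DKIM proves only that the signing domain signed the message's headers and body; the signature survives forwarding, so a dkim=pass for accounts.google.com shows that Google signed the text, not that Google delivered it to you. The script uses Python's standard email library to read the Authentication-Results and Return-Path headers, flags a Google DKIM pass whose envelope sender is not a Google domain, and flags body links to sites.google.com, where anyone can host a page. Both messages and the receiving server mx.example.net are constructed for the example; the header field names follow RFC 8601.

```python
"""Triage a raw RFC 5322 message for the warning signs discussed above.

Added example, not code from the article or from Google. The two sample
messages below are constructed; they are not real Google alerts.
"""
import re
from email import policy
from email.parser import BytesParser

# Constructed sample: DKIM verifies against accounts.google.com, but the
# envelope sender (Return-Path) is an unrelated mailbox and the body links
# to a user-hosted Google Sites page.
SUSPICIOUS = b"""\
Authentication-Results: mx.example.net; dkim=pass header.i=@accounts.google.com header.s=20230601 header.b=abcd1234; spf=pass (sender IP is 203.0.113.7) smtp.mailfrom=forwarder@mailer.example
Return-Path: <forwarder@mailer.example>
From: Google <no-reply@accounts.google.com>
To: me@example.com
Subject: Security alert
Content-Type: text/plain; charset="utf-8"

Google has received a subpoena requesting access to your account.
View case: https://sites.google.com/view/example-support-portal/home
"""

# Constructed sample of a message where signer, envelope sender and link
# all stay on Google domains.
CLEAN = b"""\
Authentication-Results: mx.example.net; dkim=pass header.i=@accounts.google.com; spf=pass smtp.mailfrom=3abc@accounts.google.com
Return-Path: <3abc@accounts.google.com>
From: Google <no-reply@accounts.google.com>
To: me@example.com
Subject: Security alert
Content-Type: text/plain; charset="utf-8"

A new sign-in was detected. Review activity: https://myaccount.google.com/notifications
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_of(address):
    """Return the lower-cased domain of an e-mail address, or '' if none."""
    match = re.search(r"@([A-Za-z0-9.-]+)", address or "")
    return match.group(1).lower().rstrip(".") if match else ""


def is_google(domain):
    """True for google.com and any subdomain of it."""
    return domain == "google.com" or domain.endswith(".google.com")


def dkim_signing_domains(auth_results):
    """Collect the signing domain of every dkim=pass clause (RFC 8601 syntax)."""
    domains = []
    for clause in auth_results.split(";"):
        clause = clause.strip()
        if not clause.startswith("dkim=pass"):
            continue
        match = re.search(r"header\.(?:d|i)=@?([A-Za-z0-9.-]+)", clause)
        if match:
            domains.append(match.group(1).lower())
    return domains


def triage(raw):
    """Return a list of findings for one raw message; empty means nothing flagged."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    from_domain = domain_of(str(msg.get("From", "")))
    envelope_domain = domain_of(str(msg.get("Return-Path", "")))

    signers = []
    for header in msg.get_all("Authentication-Results", []):
        signers.extend(dkim_signing_domains(str(header)))
    google_signed = any(is_google(d) for d in signers)

    # A From: on a Google domain without a Google DKIM pass is plain spoofing.
    if is_google(from_domain) and not google_signed:
        findings.append("From claims Google but no Google DKIM pass")
    # A Google DKIM pass delivered by someone else is consistent with a
    # genuine Google message being forwarded on by a third party.
    if google_signed and envelope_domain and not is_google(envelope_domain):
        findings.append(f"DKIM signed by Google but envelope sender is {envelope_domain}")

    # Google Sites is user-hosted content, so a link there deserves a look
    # even though the host ends in google.com.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in URL_RE.findall(text):
        host = re.sub(r"^https?://", "", url).split("/")[0].lower()
        if host == "sites.google.com":
            findings.append(f"link to user-hosted Google Sites page: {url}")
    return findings


if __name__ == "__main__":
    for name, raw in (("SUSPICIOUS", SUSPICIOUS), ("CLEAN", CLEAN)):
        print(name, triage(raw) or ["no findings"])
```

The envelope check is deliberately narrow: a Google DKIM pass with a non-Google Return-Path is not proof of fraud on its own (legitimate forwarding produces the same pattern), so the script reports it as a finding to review rather than a verdict.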
Stay cautious: this scam is polished, subtle, and dangerous, even for tech-savvy users. While Google rolls out a fix, your best protection is awareness.
Follow MeriStation USA on X (formerly known as Twitter). Your video game and entertainment website for all the news, updates, and breaking news from the world of video games, movies, series, manga, and anime. Previews, reviews, interviews, trailers, gameplay, podcasts and more! Follow us now!