Everyone with a Gmail account is warned they're 'at risk' as new 'extremely sophisticated' scam emerges
An expert has warned users with a Gmail account that they could soon be subject to a sophisticated scam.
As technology has evolved in recent years, so have the scammers who try and steal our money our identities online.
While we might be quick to judge someone who falls victim to an internet scam, particularly if they've been somehow convinced that they're in a relationship with a well-known celebrity, it's not always obvious what is and isn't safe online.
There's plenty of advice out there, especially when it comes to the one word you definitely shouldn't say to potential scammers on the phone, but when it comes to emails, it might not be as easy to spot.
Advert
The world's most dangerous hacker recently shared his advice when it comes to avoiding majorly bad consequences, but it seems as if the hackers who have targeted Google's email service users are going down a different route in an attack which could put victims at risk of online fraud.
Security experts at Malwarebytes are warning that 'all Gmail users are at risk from [the] clever replay attack'.
Users could receive an email that looks to be from an official Google account, allowing it to bypass the filters which usually send the dodgy emails straight to your spam box.
The scam was first spotted by Nick Johnson, a lead developer of the Ethereum Name Service, and it was only down to his tech skills that he was able to spot an issue that many of us would have missed.
"Recently I was targeted by an extremely sophisticated phishing attack," Johnson posted on X Wednesday.
Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got: pic.twitter.com/tScmxj3um6
— nick.eth (@nicksdjohnson) April 16, 2025
He spoke more about how he first spotted the issue and how users can avoid falling for the scam.
"The first thing to note is that this is a valid, signed email - it really was sent from [email protected]. It passes the DKIM signature check, and Gmail displays it without any warnings" he said.
Clicking the fraudulent link in the email took him to a 'very convincing support portal page'. He then clicked 'Upload additional documents' and 'View case,' and both links took him to 'exact duplicates' of the legitimate Google sign in page.
"From there, presumably, they harvest your login credentials and use them to compromise your account; I haven't gone further to check," he explained.
So, if you spot any suspicious links that ask you to sign into your account, maybe avoid them unless you want your personal information harvested.
Malwarebytes also released four tips to stay safe, which include double-checking the email headers, not following any unsolicited links, verifying the legitimacy of emails and not using your Google account to sign in on other websites.
LADbible has contacted Google for a comment.
Topics: Google, Technology
James Moorhouse