A new fraud campaign is active in Gmail — how to protect yourself

Dangerous phishing via Gmail — how fraudsters bypass Google's security
The Gmail email service on a laptop screen. Photo: Unsplash

Gmail users are reporting a new fraudulent email that passes Google's email authentication checks and looks completely legitimate. The message comes from no-reply@accounts.google.com, triggers no warnings in Gmail, and leads to a page hosted on Google Sites that is built to steal credentials.

Android Authority reported on it.


How fraudsters manage to deceive Google's security system

Developer Nick Johnson said he received such an email and investigated the scheme. The fraudsters register a separate domain, create a Google account, and then create their own OAuth application whose name is the full text of the phishing message. They then grant that application access to their own Google account, which causes Google to send them a genuine security alert about the new app; the alert's body contains the app name, and therefore the phishing text. Because Google itself signs that alert as accounts.google.com (a DKIM signature that remains valid as long as the signed headers and body are not altered), the fraudsters can forward the message to potential victims and Gmail still does not mark it as dangerous. The message contains a link to a fake support page on Google Sites, and clicking the "View Case" or "Send Documents" buttons takes the user to a fake login form where they hand over their credentials.
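Because the signature and the sender address in this scheme are genuine, a useful check looks past them at what the message links to and at whether the message was actually addressed to the mailbox that received it (a forwarded, still-signed alert keeps the original To: header). The following Python triage script is an added illustration, not code from Android Authority, Nick Johnson or Google. The sample messages are constructed, and the list of hosts a genuine Google security alert is expected to link to is an assumption to tune for your own environment.

```python
"""Triage a raw message for the pattern described above: headers signed by
Google, but a body that links away from Google's own account pages.
Added example; the messages below are constructed, not real captures."""
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Hosts a genuine Google account security alert is expected to link to.
# ASSUMPTION for this example; adjust to what your real alerts use.
EXPECTED_LINK_HOSTS = {"accounts.google.com", "myaccount.google.com",
                       "support.google.com"}
GOOGLE_SIGNER = "accounts.google.com"
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")

# Constructed sample: signed by Google, but the To: is the attacker's own
# mailbox and the only link goes to a Google Sites page.
SUSPICIOUS_SAMPLE = """\
Delivered-To: victim@example.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
 s=20230601; h=to:from:subject:date:message-id;
 bh=ZmFrZWJvZHloYXNo; b=ZmFrZXNpZ25hdHVyZQ==
From: Google <no-reply@accounts.google.com>
To: me@attacker-example.com
Subject: Security alert
Content-Type: text/plain; charset=utf-8

A new application was granted access to your Google Account.
Google Legal Support notice: a subpoena requires your response. View Case:
https://sites.google.com/u/0/d/example-case-page/p/home
"""

# Constructed benign counterpart: addressed to the recipient, links to the
# account settings page.
BENIGN_SAMPLE = """\
Delivered-To: victim@example.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
 s=20230601; h=to:from:subject:date:message-id;
 bh=ZmFrZWJvZHloYXNo; b=ZmFrZXNpZ25hdHVyZQ==
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert
Content-Type: text/plain; charset=utf-8

A new application was granted access to your Google Account.
Review activity: https://myaccount.google.com/notifications
"""


def dkim_signing_domain(msg):
    """Return the d= tag of the first DKIM-Signature header, or None."""
    sig = msg.get("DKIM-Signature")
    if not sig:
        return None
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", sig)
    return m.group(1).lower() if m else None


def body_link_hosts(msg):
    """Hostnames of every http(s) URL found in the message's text parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            host = urlparse(url).hostname
            if host:
                hosts.add(host.lower())
    return hosts


def triage(raw):
    """Parse one raw message and return the signer, link hosts and findings."""
    msg = message_from_string(raw, policy=default)
    signer = dkim_signing_domain(msg)
    hosts = body_link_hosts(msg)
    findings = []
    if signer == GOOGLE_SIGNER and GOOGLE_SIGNER in msg.get("From", ""):
        stray = sorted(h for h in hosts if h not in EXPECTED_LINK_HOSTS)
        if stray:
            findings.append("Google-signed alert links outside Google account "
                            "pages: " + ", ".join(stray))
        # A forwarded (replayed) alert keeps the To: that Google signed; if it
        # is not the mailbox that received it, the message was passed on.
        to_addr = str(msg.get("To", "")).lower()
        delivered = str(msg.get("Delivered-To", "")).lower()
        if delivered and delivered not in to_addr:
            findings.append(f"To: header ({to_addr}) is not the delivered "
                            f"mailbox ({delivered})")
    return {"dkim_domain": signer, "link_hosts": hosts, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, triage(raw)["findings"])
```

The script deliberately treats a valid Google signature as a reason to look harder rather than a reason to trust: a security alert signed by accounts.google.com that sends the reader to sites.google.com, or that was never addressed to the reader in the first place, is exactly the shape of message this campaign produces.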

Johnson filed a bug report with Google, but at first received a response that such behaviour was "expected". Only later did Google announce that it would fix the problem: the company promised to close the loophole that lets attackers obtain Google-signed emails this way and to restrict the use of scripts and embedded elements on Google Sites.

Even though a fix is underway, experts advise users to remain vigilant: check the sender's address, and, since in this campaign the sender address is genuine, check above all where the links actually lead (a real Google security alert does not send you to a Google Sites page); never enter passwords on pages opened from links in emails, and use two-factor authentication. Similar attacks were already recorded at the end of last year, when fraudsters forged emails from Google and even made phone calls with a spoofed caller identity.

As a reminder, AI poses a threat to email services such as Gmail, Outlook, and Apple Mail. Experts warn that users may encounter a new type of phishing attack created with the help of large language models.

We also wrote that email is undoubtedly one of the most convenient ways of official communication. Sometimes important emails can be lost, but there are many ways to recover them if you use Gmail.
