A new fraud campaign is active in Gmail — how to protect yourself
Gmail users are reporting a new phishing email that passes Google's own authentication checks and looks completely legitimate. The email originates from no-reply@accounts.google.com, triggers no warnings in Gmail, and leads to a page on Google Sites built to steal credentials.
Android Authority writes about it.
How fraudsters manage to deceive Google's security system
Developer Nick Johnson said he received such an email and investigated the scheme. The fraudsters register a separate domain, create a Google account, and then generate their own OAuth application, naming it with the full text of the phishing email. They then grant that application access to their account, which causes Google to send a genuine security alert about it; because the alert is generated and signed by Google as accounts.google.com, Gmail does not mark it as dangerous, and the application's name puts the phishing text into the alert body. The fraudsters then forward the signed email to potential victims. It carries a link to a fake support page on Google Sites, and clicking the "View Case" or "Send Documents" buttons takes the user to a fake login form that captures their credentials.
The first thing to note is that this is a valid, signed email - it really was sent from no-reply@google.com. It passes the DKIM signature check, and GMail displays it without any warnings - it even puts it in the same conversation as other, legitimate security alerts. pic.twitter.com/GxlFR6ccLG
— nick.eth (@nicksdjohnson) April 16, 2025
Johnson filed a bug report but was initially told that such behaviour was "expected". Only later did Google announce that it would fix the problem: the company promised to close off the ability to sign emails created this way and to restrict the use of scripts and embedded elements on Google Sites.
Even with the fix under way, experts advise users to remain vigilant: check the sender's address carefully, do not enter passwords on pages opened from links in emails, and use two-factor authentication. Similar attacks were already recorded at the end of last year, when fraudsters forged emails from Google and even made calls with a spoofed identity.
As a reminder, AI poses a threat to email services such as Gmail, Outlook, and Apple Mail. Experts warn that users may encounter a new type of phishing attack created with the help of large language models.
We also wrote that email is undoubtedly one of the most convenient ways of official communication. Sometimes important emails can be lost, but there are many ways to recover them if you use Gmail.