Email posing as a Google subpoena alert is a phishing scam

Gmail users should be careful about clicking on a “subpoena alert” email that looks like it’s from Google but really is a phishing scam.

The email, posted online by developer Nick Johnson via screenshots, appears as if it was sent from an official Google no-reply account and passed a built-in signature check. It mentioned a purported subpoena that required Google to create a copy of users’ content and asked them to click on a sites.google.com URL.

Clicking on the URL takes victims to a sign-up page made to look like a real Google Support page, where whatever they upload is exposed to scammers.

The use of sites.google.com is one giveaway that a scam is involved. The domain is a legacy URL from before Google implemented more modern security measures, Mr. Johnson explained. The other tell is that, despite appearing as if it were sent by an official Google email address, it was instead sent by a privateemail.com address to a garbled “me@” email address.
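
The tells described above can be checked mechanically against a raw message. The following Python is an added example, not code from the article, Mr. Johnson or Google; the sample message, all of its header values and the `triage` function are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not the real email); header values are illustrative.
SAMPLE = """\
Return-Path: <bounce@privateemail.com>
Delivered-To: victim@example.com
Authentication-Results: mx.example.com; dkim=pass header.d=google.com
From: Google <no-reply@google.com>
To: me@garbled-name.example
Subject: Security alert

A subpoena was served. Review the case: https://sites.google.com/view/placeholder
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings matching the tells described in the article."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    # Tell 1: visible sender claims one domain, envelope sender is another.
    if env_dom and env_dom != from_dom and not env_dom.endswith("." + from_dom):
        findings.append(f"envelope-sender-mismatch:{env_dom}")
    # Tell 2: the To header does not name the mailbox that received the mail.
    to_addr = parseaddr(msg["To"] or "")[1].lower()
    delivered = parseaddr(msg["Delivered-To"] or "")[1].lower()
    if delivered and to_addr != delivered:
        findings.append(f"to-not-recipient:{to_addr}")
    # Tell 3: the body links to sites.google.com.
    body = msg.get_payload()
    hosts = {h.lower() for h in re.findall(r"https?://([^/\s]+)", body)}
    if "sites.google.com" in hosts:
        findings.append("link:sites.google.com")
    # A passing signature check is noted, but it does not clear other findings.
    if findings and "dkim=pass" in (msg["Authentication-Results"] or ""):
        findings.append("note:dkim-pass-does-not-clear")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Envelope and header domains also differ for plenty of legitimate bulk mail, so the findings are triage signals to weigh together, not a verdict on their own.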

Google says it has identified the threat and is moving to stop the emails.

“We’re aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns,” a Google spokesperson told the Daily Mail.

People who fell for the scam and found themselves locked out of their Google account may be able to get their account back if they have a phone number or separate recovery email address associated with it. Even if a hacker changes either method, the previous phone number or recovery email can be used to regain access to an account for a week after a hack attack, Google spokesman Ross Richendrfer told Forbes.
