GOOGLE and PayPal users have been warned of a convincing new scam that allows hackers to raid their accounts.
have found a way to send out alarming emails that look like they're from the two companies.
One of the key checks people often look out for to tell if an email is a con trick is the email address of the sender.
Users have come forward sharing screenshots of emails from “[email protected]” that appear to be genuine.
But it turns out that online have found a way to mimic ‘s email addresses.
Those behind it pulled the vicious ruse off using Google's free Sites web-building app to create fake pages that look convincing.
The communications are presented as important subpoenas issued to Google by law enforcement demanding “information contained in your Google Account”.
Andrew Chen, who received one of the emails, wrote on X: “just got this phishing attempt.
“Thank god I was paying attention.”
Last month, a similar technique was used to try and fool users, reports Bleeping Computer.
In a statement to The Verge, Google said it had now “shut down” the loophole.
“We’re aware of this class of targeted attack from this threat actor, and have rolled out protections to shut down this avenue for abuse,” the firm said.
“In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”
Two-factor authentication is becoming increasingly popular and can involve you needing a password and a passcode that's texted to you.
co-founder has previously predicted that passwords will be obsolete one day and stronger security will be needed.
You still technically need a password to use multi-step authentication on Google but that's only step number one.
Once you've entered a password, you'll then be sent a one time code to your smartphone.
You'll then have to enter to gain access to a Google Account.
This make things more difficult for hackers because they not only need your password but they would somehow need access to your phone too.
