GMAIL users have been issued a “red alert” warning over an advanced phishing scam which aims to steal your data.
has said it is currently working to stop the “extremely sophisticated attack” which looks incredibly real and could trick you into giving away .
Countless regularly try to catch out the billions of people who use Gmail, but the vast majority of these are caught and blocked by Google's filters and .
This new phishing scheme is so advanced that is can , meaning some users could be caught out.
Developer Nick Johnson says he was targeted by the attack, which consisted of a message which suggested a legal subpoena had been issued for him.
The scam also tells users that a copy of their Google account content needs to be produced.
While it may sound far-fetched, people may be inclined to trust the email as it comes from a seemingly valid Google account.
It is this level of hiding which concerns Nick the most.
In a thread on X, he explained: “The first thing to note is that this is a valid, signed email – it really was sent from [email protected].
“It passes the DKIM signature check, and Gmail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts.”
Google's DKIM signature check normally filters any suspicious emails, by checking their source, and then places them in the spam folder, to ensure users are protected.
However, since this new scam can mask itself by generating a Google domain, the spam checker sees the email as having a legitimate origin.
This means the scam turns up in your regular inbox as a seemingly valid email, rather than ending up in the spam section.
Inside each email is an embedded link which, when clicked, takes users to a “very convincing” portal page where they are asked to sign in using their account name and password.
If any unfortunate users input their details at this step, the scammers will instantly gain access to the .
Google has now confirmed it is rushing to release a fix that will stop its name and email address being used to attack Gmail account holders.
In a statement to Newsweek, a Google spokesperson said: “We're aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week.
“These protections will soon be fully deployed, which will shut down this avenue for abuse.”
The tech giant however did not confirm when a solution would be rolled-out, so users should remain vigilant for these scammers.
This comes just days after WhatsApp users were over a trick message that could let strangers access your texts and even empty your bank account.
The con is linked to those verification codes that you sometimes receive for logging in.
uses these codes for logging into the app itself.
And you'll likely have been sent them over text for other services too, like , a TV app, or even your bank.
These texts are gold dust to, as getting their hands on your code is.
Now, WhatsApp is warning users to never share these codes with anyone else, as they're.
