
Google has issued a warning to all Gmail users about a dangerous new scam. The scam involves fake emails that look very real and are tricking people into giving away their Google account details.
What’s the Scam?
A software developer named Nick Johnson shared on X (formerly Twitter) that he got an email from “no-reply@google.com” saying there was a subpoena (a legal order) for his Google account data. The email had a link that seemed to go to a real Google support page. But in truth, it was a fake page made to steal login information.

What’s scary is:
- The email passed Google’s security checks, so it didn’t land in the spam folder.
- It appeared in the same conversation thread as real Google alerts.
- The fake login page was hosted on Google’s own site (sites.google.com), making it look trustworthy.

If someone entered their password on that page, hackers could get full access to their Gmail and other Google services.
How Did This Happen?
Hackers found a clever way to misuse Google’s own tools (like OAuth and DKIM) to make the scam look real. Because of this, even people who are usually careful might fall for it.
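
A mail-side check for the pattern described above, as an added example that is not from the original article or from Google: it flags a message that claims a google.com sender yet links to sites.google.com, and it does so even when DKIM passes. The sample message, the `Authentication-Results` contents and the names `USER_CONTENT_HOSTS`, `body_text` and `review` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# google.com hosts where anyone can publish a page. sites.google.com is the
# one named in the article; the set itself is an assumption to extend locally.
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed sample message, not the real phishing email.
SAMPLE = """\
From: Google <no-reply@google.com>
To: user@example.com
Subject: Security alert
Authentication-Results: mx.example.com; dkim=pass header.d=google.com
Content-Type: text/plain

A subpoena was served requiring a copy of your Google Account content.
Review the case: https://sites.google.com/view/constructed-example/case
Help: https://support.google.com/accounts
"""

def body_text(msg):
    """Join every text part, so multipart messages are covered as well."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def review(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    dkim_pass = "dkim=pass" in msg.get("Authentication-Results", "").lower()
    links = []
    for url in URL_RE.findall(body_text(msg)):
        host = (urlsplit(url.rstrip(".,;")).hostname or "").lower()
        if host in USER_CONTENT_HOSTS:
            links.append(url.rstrip(".,;"))
    # A DKIM pass is reported but never clears the message: the signature says
    # nothing about where the links in the body lead.
    suspicious = sender.endswith("@google.com") and bool(links)
    return {"sender": sender, "dkim_pass": dkim_pass,
            "user_content_links": links, "suspicious": suspicious}

if __name__ == "__main__":
    print(review(SAMPLE))
```
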
What is Google Doing?
Google confirmed the problem and said they are working on a fix, which will be fully active soon. They also recommend users:
- Turn on two-factor authentication
- Use passkeys for stronger security

What Should Gmail Users Do?
Until Google fully rolls out the fix, here’s how to stay safe:
- Do not click on links in emails that talk about security alerts unless you’re sure they’re real.
- If you get a strange email, go directly to google.com and log in there instead of clicking any links.
- Turn on two-factor authentication and use passkeys to protect your account from hackers.

Why It Matters
This scam shows that even trusted-looking emails can be fake. Hackers are getting smarter by using real-looking tools and platforms to trick people. So, always be careful—even with emails that seem to come from Google.
Stay alert. Stay safe.