A new and highly convincing phishing scam is targeting Gmail users worldwide, with fraudulent emails appearing to come directly from Google’s official “noreply@google.com” address. Users are being urged to “verify account activity” or risk imminent deactivation of their Gmail accounts — but experts warn: do not click.
The scam was first flagged by cybersecurity researcher Nick Johnson, who posted about the incident on X (formerly Twitter). “I was targeted by an extremely sophisticated phishing attack exploiting a vulnerability in Google’s infrastructure,” he wrote.
What makes this scam particularly deceptive is its use of real Google branding, including accurate logos and language that mimics genuine Google alerts. Johnson noted that the email passed DKIM signature checks, meaning it appeared as a verified and trusted message in Gmail, and was even grouped alongside legitimate security notifications from Google.
Despite the appearance of authenticity, this email is a phishing attempt designed to harvest personal login information. The message claims that a user’s Gmail account is under review and prompts the recipient to click a “Review Activity” button. It warns that failure to act within 24 hours will result in account suspension.
Google has since acknowledged the issue and confirmed plans to fix the underlying OAuth bug that enabled this exploit. “Google has reconsidered and will be fixing the oAuth bug,” Johnson later confirmed in an update.
Further investigation reveals that while the email appears to come from “Google,” closer inspection shows a spoofed sender address—a string of random characters, typical in phishing schemes. The intention is to trick users into clicking a link that leads to a fake Google login page, visually identical to the real one.
Once credentials are entered, attackers can gain full access to the victim’s Gmail account. In more advanced cases, the scam also collects recovery emails, phone numbers, and even two-factor authentication (2FA) codes, potentially locking users out of their accounts entirely.
What to Do if You Receive This Email
- Don’t click any links. If you’re unsure about a security alert, go to Gmail directly in your browser and check your account activity from there.
- Report the message. Gmail allows you to report phishing attempts using the three-dot menu in the top-right corner of any email. Select “Report phishing” to help prevent others from falling victim.
- Enable two-factor authentication (2FA). If not already activated, turning on 2FA adds an essential layer of protection, even if your password is compromised.
Google’s Advice for Avoiding Phishing Scams
- Always check the sender’s full email address.
- Be wary of urgent language or threats of account suspension.
- Never enter your credentials on unfamiliar or suspicious websites.
- Look out for spelling or grammar errors, even in seemingly official emails.
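As an added illustration (not part of the original article or Google's own tooling), the following Python script applies the checks described above to a constructed message: it compares the From: display name with the actual address domain, compares the DKIM signing domain (the d= tag) with the From: domain, and looks for the urgency phrases this kind of alert uses. The sender addresses, relay domains and signature values are invented placeholders, and LEGIT_DOMAINS is an assumed list. A second constructed message is modelled on the case Johnson described, where the DKIM signature is valid and aligned with the From: domain; there the header checks raise only the urgency finding, which is why opening Gmail directly instead of clicking the link remains the decisive step.

```python
"""Header triage for a suspicious "verify account activity" alert.

Constructed example, not the article's or Google's code. It shows why a
passing DKIM check is not enough on its own: DKIM proves who signed the
message (the d= domain), which must still be compared with the From: domain,
and a display name can say "Google" while the address says something else.
"""
import re
from email import message_from_string
from email.utils import parseaddr

BRAND_NAME = "google"
# Assumed, illustrative list of domains genuine Google account alerts come from.
LEGIT_DOMAINS = {"google.com", "accounts.google.com"}
# Pressure phrases highlighted in the article; matched case-insensitively.
URGENCY_PHRASES = ("within 24 hours", "account suspension", "deactivat",
                   "verify account activity", "review activity")

# Constructed sample 1: display name "Google", random-looking address, relay signs
# with its own domain. All addresses, domains and signature values are placeholders.
SAMPLE_SPOOFED = """\
From: "Google" <a8f3kq2z9@mail-relay.example.net>
To: user@example.com
Subject: Security alert: verify account activity
Authentication-Results: mx.example.com; dkim=pass header.d=bulk-sender.example.org
DKIM-Signature: v=1; a=rsa-sha256; d=bulk-sender.example.org; s=sel1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Content-Type: text/plain; charset=utf-8

Your Gmail account is under review. Click "Review Activity" now.
Failure to act within 24 hours will result in account suspension.
"""

# Constructed sample 2: modelled on the case in the article, where the message
# passes DKIM for the brand's own domain. Signature values are placeholders.
SAMPLE_ALIGNED = """\
From: "Google" <noreply@google.com>
To: user@example.com
Subject: Security alert: verify account activity
Authentication-Results: mx.example.com; dkim=pass header.d=google.com
DKIM-Signature: v=1; a=rsa-sha256; d=google.com; s=sel1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Content-Type: text/plain; charset=utf-8

Your Gmail account is under review. Click "Review Activity" within 24 hours.
"""


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def dkim_signing_domain(msg) -> str:
    """The d= tag of DKIM-Signature: the domain that actually vouches for the message."""
    match = re.search(r"(?:^|;)\s*d=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return match.group(1).lower() if match else ""


def dkim_verdict(msg) -> str:
    """The receiving server's recorded DKIM result (pass/fail/none)."""
    match = re.search(r"\bdkim=(\w+)", msg.get("Authentication-Results", ""))
    return match.group(1).lower() if match else "none"


def aligned(signing_domain: str, from_domain: str) -> bool:
    """DMARC-style relaxed alignment: same domain, or From is a subdomain of the signer."""
    return bool(signing_domain) and (
        from_domain == signing_domain or from_domain.endswith("." + signing_domain))


def triage(raw_message: str) -> dict:
    """Run the three header/body checks and return the findings."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    signing_domain = dkim_signing_domain(msg)
    verdict = dkim_verdict(msg)
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()

    findings = []
    if BRAND_NAME in display_name.lower() and from_domain not in LEGIT_DOMAINS:
        findings.append(f"display name says '{display_name}' but address domain is {from_domain}")
    if verdict == "pass" and not aligned(signing_domain, from_domain):
        findings.append(f"DKIM passes for {signing_domain}, not aligned with From domain {from_domain}")
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    return {"from_domain": from_domain, "dkim_domain": signing_domain,
            "dkim_result": verdict, "findings": findings,
            # Two independent signals before we call it suspicious on headers alone.
            "suspicious": len(findings) >= 2}


if __name__ == "__main__":
    for name, sample in (("spoofed", SAMPLE_SPOOFED), ("aligned", SAMPLE_ALIGNED)):
        result = triage(sample)
        print(f"{name}: suspicious={result['suspicious']}")
        for finding in result["findings"]:
            print("  -", finding)
```

The second sample is the instructive one: a message that is DKIM-valid for the brand's own domain sails through the header checks and is flagged only for its wording, so automated header triage is a filter, not a verdict. The user-side control the article gives, going to Gmail in the browser and checking account activity there, does not depend on any of these headers.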
As this scam continues to circulate, experts urge all Gmail users to remain vigilant. Even verified-looking messages can be malicious — when in doubt, verify independently.