Mumbai, April 21: Google has issued a warning about a sophisticated Gmail phishing scam that has tricked users into providing their personal data. The scammers send users an email that appears authentic and then steal their login credentials. The tech giant warned that the scam uses the same address as Google's official one, making it difficult to identify.

The latest Gmail scam uses the "no-reply@google.com" email address to convince users, and it passes all of Google's security checks. The scam email even appears in the same thread as the official alerts from Google, which makes it impossible for Gmail users to question its authenticity.

Scammers Attacked Gmail User With Sophisticated Phishing Technique

Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got: pic.twitter.com/tScmxj3um6 — nick.eth (@nicksdjohnson) April 16, 2025

Google New Gmail Scam Targeted Its First User

An X user, Nicks D Johnson (@nicksdjohnson), received a fraudulent email from a "no-reply@google.com" address saying that a subpoena had been issued for his account data. Johnson, who posts as nick.eth, shared a picture of the fraudulent email, which read: "A subpoena was served on Google LLC requiring us to produce a copy of your Google Account content."

Further, the scammers included a Google Support reference ID that showed that the case had been transferred to Legal Investigations Support, along with the Google Account ID 1778307780341. Johnson posted on X, "Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it," and said that more people would see such email frauds.

Why Is the New Gmail Scam Concerning? Here's What Gmail Users Should Do To Stay Safe

The scammers used sophisticated techniques for the new Gmail scam, which targeted a user with an authentic email address from Google. Moreover, the email appeared authentic in its language and logo placement, making it impossible for users to ignore it. Through these phishing attacks, the scammers can steal an account's login information and access all the associated details. Google shared guidelines for users who are targeted by such sophisticated phishing scams.

Google said that to spot such Gmail scams, users need to check the sender's address and look for grammar errors and urgent threats. The company advised Gmail users not to enter their password in response to such unfamiliar emails or on unfamiliar websites. Users can turn on 2FA (two-factor authentication) and use passkeys for additional protection. They should not click on suspicious-looking or unfamiliar emails, even if they appear to be from Google.

Google said scammers use OAuth and DKIM to bypass security layers and send phishing emails. The tech giant said it would roll out a fix soon.

