New phishing scam for Gmail users


A new sophisticated phishing threat has been developed that targets Gmail accounts. What makes this new attack so tricky is how legitimate it appears.

Understanding the Phishing Scam

The phishing scam mimics a legitimate Google Security alert. The email is sent from a seemingly valid no-reply@google.com address and claims that a subpoena has been issued to Google LLC by law enforcement, seeking information from the recipient’s Google account. The email includes a reference number and a link to a “Google Support Case,” which leads to a convincing but fake support portal page. Once the user enters their login credentials, the attackers gain access to their account.

Why this scam is noteworthy

This method is unique because, for all intents and purposes, the listed sender is legitimate. The message itself is not: the actual sender is a bad actor exploiting the system. Because it looks so legitimate, the message will get around any advanced filtering you may have in place.

Google has released a fix for this specific issue that should soon be widely available. But the lesson here is that protecting against phishing requires education and vigilance. As noted in VIPRE’s “Email Threat Trends Report,” phishing attacks for the first quarter of 2025 are increasingly focused on lower-tech social engineering approaches that sidestep sophisticated email scanning technology.

Why Phishing Can Trick Anyone

Phishing scams are designed to exploit human psychology and trust. Even tech-savvy individuals can fall victim to these scams because they often appear legitimate. The “no-reply” phishing email bypasses Google’s security protections and is displayed without any warnings. This level of sophistication can deceive anyone, making it crucial for any computer user in your organization to understand the risks.

At BSC Solutions Group, we view every situation through a cybersecurity lens. If you would like more information about how we can help your organization protect against phishing and social engineering attacks, contact us today.