Costa News Spain Breaking News | English News in Spain.
Fake emails from law enforcement agencies are targeting Gmail users to steal login details through convincing phishing.
Credit : JarTee, Shutterstock
You’ll want to read this if you have a Gmail. Cybersecurity experts warn of a new wave sophisticated scams. Be sure to read all the fine print.
A new threat targeting Gmail users is making headlines again and this time, it’s even more convincing than usual. Cybersecurity firm Kaspersky issued a warning against phishing emails that look like they came from Google, and claim your account is under investigation by law enforcement.
It’s just a trick but one that is dangerously convincing.
How and why the Gmail Scam works
The scam looks like this: you receive a message from no-reply@accounts.google.com, a very official-looking email address, telling you that Google has received a request from law enforcement to access your account data. The scam message contains what looks like a genuine Google support ticket. It also includes a link and language designed to create enough panic for you to click.
But here’s the catch and it’s subtle.
While the link includes Google’s logo, it does not take you to support.google.com. It redirects instead to sites.google.com which hosts user-generated content. After that, the victim is sent to a fake page to steal their login credentials. It is well-made, familiar and easy to fall into.
Kaspersky identifies other red-flags hidden in the email’s details.
- A ‘To’ field pointing to an unusual third-party address
- A ‘mailed-by’ header showing a suspicious domain, like fwd.privateemail.com
- A fake ‘signed-by’ using legitimate-looking Google details
What’s the result? Most users won’t notice anything wrong until it’s too late — especially when fear and urgency are used as manipulation tools.
Google’s response against phishing and how you can protect your account
Google has already been on the case. In a public statement, Google confirmed it knew about this type of targeted phishing and had begun rolling out protective measures to block them across all its platforms. These updates will be available soon.
Google wants to remind users about a few important facts.
- You will never be asked to confirm your personal details or login credentials via email
- No official requests should be sent via sites.google.com and any other domains.
- If in doubt, access your account directly by typing gmail.com into your browser — never through a link in a suspicious message
Google also encourages users to use passkeys and enable two-factor verification, which provides an additional layer of protection even if your password is stolen.
Google Chrome AI boost to stop phishing attacks
Google also announced that it has added new scam protections to its Chrome web browser. These updates make use of on-device AI in order to detect and prevent phishing attempts in real time. This is the exact type of scam that this new Gmail attack represents.
So, if you receive an unexpected email that stirs up fear or urgency — even if it looks perfectly legit — take a breath before clicking anything.
Remember: Google will not ask you for your password or threaten legal action via email.
If you feel that something is off about the message, it most likely is.
More technology news coming soon
