
Gmail users are being targeted by fake law enforcement emails designed to steal login credentials through convincing phishing attacks. Credit: JarTee, Shutterstock
If you’ve got a Gmail account, this one’s for you. Cybersecurity experts are sounding the alarm about a fresh wave of sophisticated scams, and you’ll want to read the fine print.
A new threat targeting Gmail users is making headlines again, and this time it’s even more convincing than usual. Cybersecurity firm Kaspersky has issued a warning about phishing emails that appear to come from Google itself, claiming your account is being investigated by law enforcement.
It’s a trick, but a dangerously convincing one.
How the Gmail scam works and why it’s so dangerous
The scam looks like this: you receive a message from no-reply@accounts.google.com, a very official-looking email address, telling you that Google has received a request from law enforcement to access your account data. The message includes what appears to be a real Google support ticket, a working link, and language that creates just enough panic to make you click.
But here’s the catch, and it’s subtle.
The link, while it includes Google’s name, doesn’t lead to support.google.com. Instead, it redirects to sites.google.com, which can host user-generated pages. From there, victims are sent to a fake login page designed to steal their credentials. It’s well-made, eerily familiar, and very easy to fall for.
Kaspersky notes other red flags buried in the email’s technical details:
- A ‘To’ field pointing to an unusual third-party address
- A ‘mailed-by’ header showing a suspicious domain, like fwd.privateemail.com
- A fake ‘signed-by’ using legitimate-looking Google details
The result? Most users won’t notice anything wrong until it’s too late — especially when fear and urgency are used as manipulation tools.
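The checkable signals described above (the 'To' address, the 'mailed-by' domain and the link host) can be tested mechanically on a raw message. This is an added example, not code from Kaspersky or Google: it assumes 'mailed-by' can be approximated by the Return-Path header, and the sample message, its addresses and its URL path are constructed. The 'signed-by' value is not checked, since the article says it looks legitimate.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; addresses and the URL path are placeholders.
SAMPLE = """\
Return-Path: <bounce@fwd.privateemail.com>
From: Google <no-reply@accounts.google.com>
To: me@third-party.example
Subject: Security alert

Google received a law enforcement request for your account data.
Review the case: https://sites.google.com/view/placeholder-ticket
"""

USER_CONTENT_HOSTS = {"sites.google.com"}  # host named in the article


def domain_of(header_value):
    """Return the lowercase domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def red_flags(raw, my_address):
    """List the article's red flags found in a raw single-part message."""
    msg = message_from_string(raw)
    flags = []
    # 'To' field names an address other than the mailbox that received it
    if parseaddr(msg.get("To", ""))[1].lower() != my_address.lower():
        flags.append("to-mismatch")
    # 'mailed-by' (Return-Path here) lies outside the From organisation
    from_dom = domain_of(msg.get("From"))
    org = ".".join(from_dom.split(".")[-2:])  # naive; enough for google.com
    mailed_by = domain_of(msg.get("Return-Path"))
    if not (mailed_by == org or mailed_by.endswith("." + org)):
        flags.append("mailed-by-mismatch")
    # Link lands on a host that serves user-generated pages
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        if (urlsplit(url).hostname or "") in USER_CONTENT_HOSTS:
            flags.append("user-content-link")
            break
    return flags
```

A message that raises none of these flags is not thereby proven genuine; the checks only cover the signals this article lists.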
Google’s response to phishing attacks and how to protect your account
Google is already on the case. In a statement, the company confirmed it was aware of this specific type of targeted phishing attack and has begun rolling out protections to block it across its platforms. These updates are expected to be fully in place soon.
In the meantime, Google is reminding users of a few key facts:
- It will never ask you to confirm personal information or login details via email
- It does not send official requests via sites.google.com or any external domains
- If in doubt, access your account directly by typing gmail.com into your browser — never through a link in a suspicious message
Google is also strongly encouraging users to enable two-factor authentication and use passkeys, which provide an extra layer of defence even if someone does get hold of your password.
Google Chrome gets AI boost to block phishing attacks
In a bit of good timing, Google has also announced new scam protections for its Chrome browser. These updates use on-device AI to detect and block phishing attacks in real time, exactly the sort of scam this new Gmail threat represents.
So, if you receive an unexpected email that stirs up fear or urgency — even if it looks perfectly legit — take a breath before clicking anything.
And remember: Google will never threaten legal action or ask for your password via email.
If anything about the message feels off, it probably is.
Stay tuned with Euro Weekly News for more technology news.