Another day, another online scam making the rounds—and this one is more dangerous than usual. From fake toll road messages to fraudulent concert tickets on social media, scams seem to be everywhere. Now, there’s a new “sophisticated” Gmail scam that’s targeting users in Texas and across the U.S., and it has tech experts seriously concerned.
What’s the New Gmail Scam All About?
This latest phishing scam was exposed by Nick Johnson, lead developer of Ethereum Name Service (ENS). He recently shared details on social media about how the scam works and why it’s so dangerous.
According to Johnson, the scam looks very professional and convincing. It tricks users by pretending to be a legal notice from Google, saying law enforcement has issued a subpoena for access to your Gmail account.
The fake message reads something like:
“This notice is to alert you that a subpoena was issued to Google LLC by law enforcement to retrieve information from your Google account. To see the case or submit a protest, visit the provided Google Support Case.”
It sounds official and includes links that appear to be from Google. But if you click them, you’re taken to a fake site designed to steal your login details or install malware.
Why This Scam Is So Dangerous
This phishing attack is being called “sophisticated” because it exploits a gap in Google’s infrastructure. Johnson warned that since Google hasn’t fully fixed the issue, more attacks like this could happen.
What makes it worse is how real the message looks. Unlike old scams full of spelling mistakes and poor formatting, this one is professionally written, with Google-style branding and links.
How to Stay Safe From Gmail Scams
Thankfully, Google is aware of the scam and has already started rolling out security protections. They are also asking users to update their Gmail settings immediately. Here’s what you should do:
- Set up a recovery email and phone number – This is your only way to get back into your account if you get locked out.
- Use two-factor authentication (2FA) – Add a second step to your login, like a text message or app code.
- Never share your password or verification code via email – Google will never ask for it.
Ignore and delete any suspicious emails – If it looks like a legal notice or security alert but seems unusual, it’s likely fake.
Google recommends switching to passkeys or stronger login methods to protect against these scams in the future.
What Google Says About the Attack
In a public statement, Google said:
“We’re aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys.”
They are working to block the threat, but also ask users to stay alert and report suspicious messages.