Google is warning all Gmail users—nearly 2 billion people—to immediately delete a new scam email that looks like it comes from Google itself. Cybersecurity experts say this fake message is part of a clever phishing attack designed to trick people into giving away their personal details.
What Is the ‘No-Reply’ Gmail Scam?
This scam is called a ‘no-reply’ email attack. Victims receive an email from what seems to be a real Google address: [email protected]. The message claims Google has been ordered by law enforcement to release all your account details due to a legal case.
Inside the email, there’s a link to what looks like a real Google Support page, supposedly explaining the case in detail. But Google has confirmed it’s a fake email, created by cybercriminals to steal your personal data.
How the Scam Works
The trap begins when users click the link and are taken to a page that looks like a Google login screen. If you sign in and download or approve access to see fake legal documents, you unknowingly allow scammers to:
- Read your Gmail messages
- Access your Google Drive files
- Possibly install malware that can steal passwords or even bank details
How Hackers Make It Look Real
According to tech expert Nick Johnson, the scam is effective because it uses real tools from Google’s system. The hackers misuse a service called Google OAuth, which allows apps to access Google accounts with the user’s permission.
Here’s how they do it:
- Set up a fake app and email domain
- Send a message through a service that forwards emails, making it appear to come from Google
- Host the fake support page on Google’s own Sites tool, adding false trust
- Trick users into granting access to the fake app after logging in
Once you do that, scammers may even take over your device or lock you out of your own account.
What Kind of Information Can Be Stolen?
Depending on what you click or download, scammers can steal:
- Emails and files
- Login details and passwords
- Banking information from your apps
- Full access to your device through malware
Some users have even been locked out of their phones or computers remotely.
How to Spot the Scam
Cybersecurity company Kaspersky says to be very careful. These fake emails often look like they come from someone familiar because the sender shows as just ‘me’ in the inbox. But if you check the email address closely, it usually looks strange. For example:
Before clicking anything, always:
- Check the ‘mailed-by’ field
- Look for spelling mistakes or strange web addresses
- Avoid clicking any link if you’re unsure
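The 'mailed-by' and web-address checks in this list can be scripted for triage of a reported message. The Python sketch below is an added example, not part of the original article or any Google tool. It approximates Gmail's 'mailed-by' with the Return-Path domain, assumes sites.google.com is the host of user-built Google Sites pages, and runs on a constructed sample message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL_SUPPORT_HOST = "support.google.com"  # host the article says to type by hand
GOOGLE_SITES_HOST = "sites.google.com"        # assumption: host of user-built Sites pages

# Constructed sample message (not a real capture).
SAMPLE = """\
Return-Path: <bounce@forwarder.example>
From: Google <security-notice@google.com>
To: me <user@mail.example>
Subject: Legal request for your account data
Content-Type: text/plain; charset=utf-8

Review the case file: https://sites.google.com/view/constructed-case-page
Official help: https://support.google.com/accounts
"""

def domain_of(header_value):
    """Lowercased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def same_org(a, b):
    """True when one domain equals, or is a subdomain of, the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def review(raw):
    """Return a list of findings; an empty list means neither check fired."""
    msg = message_from_string(raw)
    findings = []
    from_dom, mailed_by = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if not same_org(from_dom, mailed_by):
        findings.append(f"mailed-by {mailed_by or 'missing'} does not match From {from_dom}")
    body = "".join(part.get_payload(decode=True).decode("utf-8", "replace")
                   for part in msg.walk() if part.get_content_maintype() == "text")
    for url in re.findall(r"https?://[^\s<>\"')]+", body):
        host = (urlparse(url).hostname or "").lower()
        if host == GOOGLE_SITES_HOST:
            findings.append(f"link to a user-built Google Sites page: {url}")
        elif host != OFFICIAL_SUPPORT_HOST:
            findings.append(f"link outside {OFFICIAL_SUPPORT_HOST}: {url}")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("FLAG:", finding)
```

An empty result only means these two checks did not fire; it does not prove the message is genuine.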
What Should You Do?
If you receive a suspicious email like this:
- Do not click on any links
- Do not download any files
- Delete the email immediately
- Visit official Google support only by typing support.google.com in your browser, not by clicking links in emails
What Else Can You Do to Stay Safe?
Google recommends switching to passkeys for extra protection. These are safer than traditional two-factor authentication. Passkeys use your fingerprint, face scan, or PIN to sign in, without needing a password or code.
Using a good antivirus program can also help detect and block phishing attacks early.