Published: 2:22 am April 22, 2025
Updated: 1:10 pm October 8, 2025
Urgent Warning Issued to 1.8 Billion Gmail Users Over Sophisticated Phishing Scam – UKNIP

Google has issued an urgent security warning to its 1.8 billion Gmail users worldwide after confirming a “sophisticated” phishing attack that successfully mimicked official communications and tricked users into handing over personal information.

The alert follows a detailed report from Ethereum developer Nick Johnson, who described being targeted by the scam and highlighted a critical vulnerability that allowed the attack to bypass standard verification systems.

“Recently I was targeted by an extremely sophisticated phishing attack,” Johnson posted on social media platform X. “It exploits a vulnerability in Google’s infrastructure, and given their refusal to fix it, we’re likely to see it a lot more.”


How the Attack Works

Victims receive an email appearing to come from Google’s security team, warning them of a subpoena linked to their account. The message directs users to what looks like a legitimate Google support portal, hosted on sites.google.com, rather than the official accounts.google.com.

The webpage asks users to log in, giving attackers access to their credentials. According to Johnson, the scam passed DKIM (DomainKeys Identified Mail) security checks and was shown in the same email thread as real Google alerts, making it nearly indistinguishable from official messages.

“I clicked on ‘View Case’ and ‘Upload Additional Documents’ and both took me to exact duplicates of Google login pages,” Johnson said.


Google’s Response

In a statement to DailyMail.com, a Google spokesperson confirmed the attack and said immediate actions were taken to shut down the method of exploitation.

“We’re aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse,” the company said.

Google emphasized that users should enable two-factor authentication (2FA) and passkeys to protect their accounts from similar phishing campaigns.

“Google will not ask for your password, one-time passwords, confirm push notifications, or other sensitive credentials. We also will never call you asking for login details.”


What Makes This Attack So Dangerous?

Phishing scams typically rely on generic greetings, urgent claims, and clickable links. What sets this one apart is its use of Google’s own infrastructure — particularly Google Sites — to give the scam an air of legitimacy.

Johnson noted: “People see the google.com domain and assume it’s safe. That’s what makes this so dangerous.”

Without passkeys or 2FA, attackers can gain full access simply by stealing a password — even convincing victims that they’re complying with a legitimate legal request.


What You Can Do to Stay Safe

To protect yourself:

  • Use passkeys: A secure login method that only works on your device.
  • Enable two-factor authentication: Adds an extra layer of protection.
  • Be wary of emails demanding urgent action or that claim to be from legal or government sources.
  • Never click on suspicious links. Instead, go directly to the site by typing the URL yourself.
  • Check domain names carefully. Official Google security communications come from accounts.google.com, not sites.google.com.
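The domain check in the last point can be automated. The sketch below is an added example, not code from Google or from the article: it pulls links out of a message body and flags any that point at sites.google.com or at a host that merely contains "google", regardless of whether the message passed DKIM. The sample message, the `.example` hosts and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the one host accepted for a Google sign-in page.
SIGN_IN_HOST = "accounts.google.com"
# Host the article names as serving the fake portal (user-created pages).
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def classify_link(url):
    """Return 'sign-in', 'user-content', 'lookalike' or 'other' for one URL."""
    try:
        parts = urlsplit(url)
    except ValueError:              # malformed URL, e.g. a broken IPv6 literal
        return "other"
    if "@" in parts.netloc:         # text before '@' is userinfo, not the host
        return "lookalike"
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme == "https" and host == SIGN_IN_HOST:
        return "sign-in"
    if host in USER_CONTENT_HOSTS:  # exact match, not a google.com suffix test
        return "user-content"
    if "google" in host and host != "google.com" and not host.endswith(".google.com"):
        return "lookalike"
    return "other"

def review_message(body, dkim_pass):
    """List (item, reason) pairs that deserve a second look."""
    flagged = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;")     # drop sentence punctuation stuck to the link
        verdict = classify_link(url)
        if verdict in ("user-content", "lookalike"):
            flagged.append((url, verdict))
    # A DKIM pass does not clear the links above; a failure is flagged as well.
    if not dkim_pass:
        flagged.append(("DKIM", "failed"))
    return flagged

# Constructed sample message, modelled on the lure described in the article.
SAMPLE_BODY = """A subpoena was served regarding your account.
View Case: https://sites.google.com/view/constructed-example/case
Sign in: https://accounts.google.com/signin
Mirror: https://accounts.google.com.support.example/login
"""

if __name__ == "__main__":
    for item, reason in review_message(SAMPLE_BODY, dkim_pass=True):
        print(reason, item)
```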

For legal requests, Google advises users to consult its Privacy & Terms page. While real subpoenas are sometimes served via email, Google will never request your credentials through those messages.


Growing Concerns About Online Scams

This phishing incident follows a rise in cyberattacks targeting personal data. With nearly two billion Gmail users, even a small success rate could affect millions.

Public reactions on social media reflect growing concern. One user tweeted: “It looked so real — I was just one click away from disaster.”

Cybersecurity experts are urging users to report suspicious emails to Google via the “Report phishing” option and to educate themselves on phishing red flags.


If you think you’ve fallen victim to a phishing scam:

 
