These days, scam emails are getting tougher to spot. This is especially true with the use of artificial intelligence (AI) such as ChatGPT, Copilot, Gemini, and the like. And now, Google is in the hot seat with a spotlight on email phishing. Bad actors are sending these emails signed by Google and look 100% legitimate. A closer look at this phishing scam will help you tell the difference going forward.
How This Phishing Scam Hooks
Hackers are exploiting two Google vulnerabilities allowing them to phish using Google’s name, and that gets user trust and clicks. But this scam also relies on a tried and true phishing red flag: A sense of urgency in the email title and message. Hackers know urgency leads to panic and acting quickly without stopping to think. It also helps when the emails look like valid Google security alerts.
Clicking on the email’s link brings potential victims to a bogus “Google Support” page. This page offers links to “view case” or “upload additional documents.” However, both links go to the same phony login page requiring user account credentials. From there, bad actors steal login information, perform account takeovers (ATOs), identity theft, and a host of other cybercrimes.
Don’t Bite
It’s a sad fact that phishing emails are getting harder to spot, but some methods of finding them remain the same. Using both phishing smarts and your Spidey Sense still go a long way staying on the safe side of these attacks. Remember, using your common sense first is always the best defense.
Since urgency grabs attention, it’s time to use a complete “stop and think” approach, no matter whom the sender claims to be. Do some checking on the sender and/or your account, and don’t click on any links since they can hide malware. Instead, go to the company’s official website or app and login. Never use any contact information or links in the email, and always type in the URL yourself.
Carefully check the source of the email sender and website links, looking for tricky misspellings. Although the above email scam used Google as its cover, the ‘mailed by” area read as “privateemail.com.” Lastly, keep all apps and software updated including anti-virus. They often include bug fixes and security patches. And don’t pass up the opportunity to use two-factor authentication (2FA).
Sometimes, it’s the little things giving scams away. Remember to tread carefully, trust your instincts, and never make it easy for the cyber-scammers. As they say, you’re always better safe than sorry.
SUBSCRIBE TO WEEKLY NEWSLETTER
