Beware of Phishing Emails in Gmail Even from Google

A recent phishing campaign has targeted Gmail users, exploiting trust in Google’s own email authentication protections. The attackers used a sophisticated method to bypass these protections, sending emails that appeared to be legitimate security alerts from Google itself.

Entry costs for this kind of campaign are low: phishing kits start at $25 on dark web forums and in Telegram groups run by cybercriminals. These kits can bundle fake login pages, malicious scripts, and data exfiltration tools used to steal user information.

Google has promised to shut down this avenue for abuse with a new update, deploying protections that will counter the specific attacks from the threat actor concerned. In the meantime, users are advised to enable 2FA protections and switch to using passkeys for Gmail to provide strong protection against phishing campaigns.

Cybersecurity experts warn that awareness training should evolve with the threat landscape, addressing both new techniques and older ones that remain effective. They emphasize the importance of robust multi-factor authentication, since credentials will remain an attractive target for theft and abuse.

Users can take several steps to protect themselves:

1. Be cautious of emails that purport to be from legitimate sources, even when they appear to come from Google itself.
2. Enable 2FA protections for your Gmail account.
3. Use passkeys instead of traditional passwords for added security.
4. Stay up-to-date with the latest information on phishing campaigns and techniques.

By being aware of these risks and taking proactive steps, users can reduce their exposure to phishing attacks in Gmail, including messages that appear to come from Google.

Source: https://www.forbes.com/sites/daveywinder/2025/04/21/new-gmail-warning—do-not-open-this-email-from-google