Security Experts Just Issued This Urgent Warning to All Gmail Users

A new scam could be putting your personal data and money at risk.

Google may be most widely known as a search engine, but the tech giant has evolved over the decades to also offer a much wider range of tools and services for the digital age. This includes Gmail, its popular email service that was launched in 2004, which had grown to 1.8 billion active users as of 2020. But while the service prides itself on being a top option for sending and receiving digital communications, security experts have just issued a warning to all Gmail users about an emerging new security issue. Read on to see what you should be on the lookout for in your inbox.

Google has been no stranger to new security threats lately.

As one of the most widely used and trusted tech companies on the planet, Google prides itself on being able to provide safe and secure service to those using its products. But unfortunately, this has also made the company and those who rely on it an attractive target for scammers and cybercriminals in recent months.

Last month, financial cybersecurity firm ThreatFabric announced that it had discovered a dangerous new piece of banking malware known as "Octo" that targets Android phones. According to the company's warning, the program is secretly downloaded onto devices after unsuspecting victims click a link on a website or landing page that produces a phony browser or software update request. It will then run in the background, giving hackers complete remote access to your phone and its files while making it appear to be switched off.

And on April 1, another Google-related cybersecurity breach was announced when research group Lab52 issued a warning that it had discovered a malicious piece of software capable of infecting Android smartphones. The malware uses a program known as "Process Manager." Victims who accidentally download it by clicking on a link sent via email or text grant it full access to their phone's camera and microphone and allow it to read text messages, emails, call logs, contact information, and the device's exact location. The data is then sent back to hackers and can be used to extort or blackmail victims, The U.S. Sun reported.

Experts are now warning a new scam is targeting Gmail users with some unsettling tactics.

Unfortunately, it appears the number of potential cybersecurity threats for people who use Google products and services is still growing. In a May 2 blog post, email security firm Avanan reported it had detected a new scam targeting Gmail users that lets fraudsters make an email appear to come from a reliable or legitimate source, such as a company or brand. In reality, the message is a "phishing" attempt to obtain personal information or credit card numbers, to get the recipient to download viruses or malware, or even to request a direct transfer of money.

Scammers are using new tactics to ensure these emails get through security filters.

According to Avanan, hackers have found a loophole in Gmail's SMTP (Simple Mail Transfer Protocol) relay service, which is used to send out large batches of emails for marketing or newsletter purposes. While this is a commonly used tool, the latest breach appears to make it possible to alter the address shown in the "from" field of messages you may receive, and even make it more likely the email will slip through spam or security filters built into Gmail, Express reports.

"Within Gmail, any Gmail tenant can use it to spoof any other Gmail tenant," the company explains in the post. "That means that a hacker can use the service to easily spoof legitimate brands and send out phishing and malware campaigns."

The firm reports that while this isn't the first time scammers have used the tactic, there has been a significant uptick recently. It notes that it detected roughly 30,000 such emails sent during a two-week period last month alone, with some spoofs pretending to be from companies such as cash transfer app Venmo and workflow organizer Trello.

Here's how you can protect yourself from falling victim to a Gmail spoofing scam.


Because of the new threat, Avanan warns that Gmail users should always double-check the sender's address in an email they receive, especially if it's unexpected or requests an urgent response or action. It's also best to hover over any link to see where it could be sending you before clicking it.

For now, Google also says it's aware of the issue and is working to prevent future scams. "We have built-in protections to stop this type of attack," a Google spokesperson told cybersecurity and technology blog Bleeping Computer. "This research speaks to why we recommend users across the ecosystem use the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. Doing so will defend against this attack method, which is a well-known industry issue."
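What the DMARC recommendation checks on a received message, as an added example (not code from Avanan, Google, or this article): it compares the visible "from" domain with the domains that SPF and DKIM actually authenticated, as recorded in the Authentication-Results header. The server id `mx.receiver.example`, the `.example` domains, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.receiver.example"  # assumption: id your own mail server stamps

def org_domain(domain):
    # Simplification: last two labels; real DMARC consults the Public Suffix List.
    return ".".join(domain.lower().strip(".").split(".")[-2:])

def check_from_alignment(raw, authserv=TRUSTED_AUTHSERV):
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Trust only results stamped by our own server; a sender can forge any others.
    headers = (re.sub(r"\s+", " ", h) for h in msg.get_all("Authentication-Results", []))
    ar = next((h for h in headers if h.split(";")[0].strip().lower() == authserv), "")

    def verdict(method):
        m = re.search(rf"\b{method}=(\w+)", ar)
        return m.group(1).lower() if m else "none"

    def aligned(method, prop):
        # Relaxed alignment: authenticated domain shares the From: organizational domain.
        m = re.search(rf"\b{prop}=(?:[^\s;@]*@)?([\w.-]+)", ar)
        return bool(m and from_dom and verdict(method) == "pass"
                    and org_domain(m.group(1)) == org_domain(from_dom))

    spf_ok = aligned("spf", r"smtp\.mailfrom")
    dkim_ok = aligned("dkim", r"header\.[di]")
    return {"from_domain": from_dom, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": verdict("dmarc"), "suspicious": not (spf_ok or dkim_ok)}

# Constructed sample messages (not real traffic).
SPOOFED = (
    "Authentication-Results: mx.receiver.example;\n"
    "  spf=pass smtp.mailfrom=bulk@tenant-a.example;\n"
    "  dkim=none; dmarc=none header.from=brand.example\n"
    "From: Brand Support <support@brand.example>\n\nPlease confirm your account.\n"
)
GENUINE = (
    "Authentication-Results: mx.receiver.example;\n"
    "  dkim=pass header.i=@brand.example;\n"
    "  spf=pass smtp.mailfrom=bounce@mail.brand.example;\n"
    "  dmarc=pass header.from=brand.example\n"
    "From: Brand Support <support@brand.example>\n\nYour receipt is attached.\n"
)
if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_from_alignment(raw))
```

The spoofed sample passes SPF for the sending tenant's own domain yet fails alignment with the brand shown in the "from" field, which is the gap a published DMARC policy lets receivers act on.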

Zachary Mack
Zach is a freelance writer specializing in beer, wine, food, spirits, and travel. He is based in Manhattan.