Fake Gmail notifications to steal email account login credentials
Cybercriminals are using fake Gmail notifications to steal email account login credentials. Like most email phishing scams, the messaging in the email attempts to scare the victim into reacting without scrutinizing the email contents.
This cyberattack is convincing because it impersonates Gmail notifications that every Gmail user has seen before, so the message looks familiar. The attack also impersonates a Google web page.
“This attack, in particular, uses this method by mimicking an automated Gmail message claiming there was a request made to add an email to the recipient’s account,” says the report by security researchers at Abnormal Security.
Gmail Phishing Email
This Gmail impersonation uses what appears to be an automatically generated notification. The recipient is informed that there is a request to make a change to their Gmail account.
The notification scares the recipient into thinking that, if they do not respond, their email will be merged with another Gmail account.
The victim is instructed to click on a link if they do not recognize the email account that theirs is to be merged with. They don't recognize it, because it's fake.
When the victim clicks on the link, they are sent to a web page that impersonates a Google account page.
Next, the victim is sent to a Microsoft Outlook sign-in page where they are prompted to enter their login credentials. If they do, the email account is compromised.