Experts warning about a Gmail phishing scam targeting users


A phishing scam targets Gmail users with deceptive emails resembling legitimate Google messages, raising alarms among cybersecurity experts.

SAN DIEGO — A phishing scam targeting Gmail or Google account users is raising alarm among cybersecurity experts. The Identity Theft Resource Center (ITRC), a national nonprofit based in San Diego, shared information about this “Gmail scam,” which uses deceptive messages designed to look like legitimate Google communications.

“It looks like it’s legitimate and really from Google; however, some of the text and links have been altered, making it a malicious message,” said Eva Velasquez, CEO of the Identity Theft Resource Center (ITRC).

The scam is particularly concerning because cybercriminals are repurposing legitimate content directly from Google, making these phishing emails nearly indistinguishable from authentic messages.

Nikolas Behar, an adjunct professor of cybersecurity at the University of San Diego, explained the technical aspect of the scam. 

“The attackers are leveraging something called Google Sites, which is a feature of Google that allows people to create their own type of website, and they are sending malicious links that are hosted on Google Sites,” Behar said. “So when someone accesses that link they think that it’s legitimate.”

Experts warn that clicking on these deceptive links can expose personal data or compromise devices. Velasquez elaborated on the potential risks: 

“In this case, especially with phishing emails, it’s usually about ‘I want to infect your device so I want you to click on something that’s going to download some kind of malicious software on to your device, or I want you to provide personally identifiable information about yourself, your data to me so that I can go then and exploit it later,’” Velasquez said.

To protect against these Gmail scams, the ITRC recommends several precautions, including:

  1. Don’t click on links in unsolicited or unexpected emails

  2. Carefully inspect the full email address

  3. Review email headers

  4. Avoid using your Google account when signing into other services
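
Precautions 2 and 3 can be checked mechanically on a saved message. The following Python is an added example, not code from the article or the ITRC: it reads the full sender address, the receiver's SPF/DKIM/DMARC verdicts, and any link hosted on Google Sites. The sample message and its domains are constructed, and `review` and `domain_of` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real capture); all domains are placeholders.
SAMPLE = """\
From: Google <no-reply@accounts-google.example>
Reply-To: support@helpdesk.example
To: user@example.com
Subject: Security alert
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=accounts-google.example; dkim=none; dmarc=fail header.from=accounts-google.example
Content-Type: text/plain

Review your account: https://sites.google.com/view/constructed-example/review
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a From/Reply-To header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def review(raw, claimed_domain="google.com"):
    """List findings for a single-part text message claiming to be from claimed_domain."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # Precaution 2: judge the full address, not the display name ("Google").
    if from_dom != claimed_domain and not from_dom.endswith("." + claimed_domain):
        findings.append(f"from-domain:{from_dom}")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{reply_dom}")
    # Precaution 3: Authentication-Results holds the receiving server's verdicts.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            findings.append(f"{mech}={result}")
    # Google Sites pages are user-created, so a google.com hostname alone proves nothing.
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        if urlparse(url).hostname == "sites.google.com":
            findings.append(f"google-sites-link:{url}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

A message that passes every sender check can still produce the `google-sites-link` finding, which is the case the article describes: the link needs a look even when the headers are clean.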

Behar emphasized the importance of verifying website addresses.

“(It’s) really important whenever you’re entering credentials or whenever you’re entering any kind of username and password that you verify the website that appears at the top of the screen and the URL bar,” Behar said. “Because in this case, after they go to (these) sites … they click on another link and they’ll be redirected somewhere else.”

The ITRC also advises users to contact the source directly if they suspect they’ve received a fraudulent email, rather than responding to the message itself.

For those who may have fallen victim to this or similar scams, the ITRC offers free support to help people recognize scams and assist those who have already been targeted.

As technology evolves, distinguishing between real and fake content online becomes increasingly challenging. Cybercriminals continue to refine their methods, making it crucial for users to remain vigilant and informed about the latest scams targeting their personal information.
