Be Aware, New phishing technique abusing legitimate Google email notifications

[Dictator69]

Hi everyone!

I was reading news and this one specific report got my attention. It is related to a security flaw which is not basically hacking, but more like feature abuse of Google.

Casa co founder Jameson Lopp warned us about a new phishing technique that these scammers are using. They are using legitimate Google infrastructure like Workspace or developer tools to input frantic scam messages directly into the "Name" or "Organization" field and then they enter thousands of spaces which hide the disclaimer by Google that says "If you didn't request this, ignore it." So when someone receives a recovery email notification in their email they would not read the last disclaimer because scammers put thousands of spaces to hide it.

These emails won't go into our spam folder because they are triggered by Google itself, and they pass all security checks like SPF, DKIM, and DMARC and land straight in your Primary Inbox, not in the spam folder.

Thousands of spaces will push the legitimate system footer down, and you will only see the scammer's scary message on the top. You would see the email which is the official Google email and you could think it is real but before clicking anything verify directly from your Google account security feature as they have said it themselves.

Stay safe, check your settings manually, and never rush into clicking links out of panic! Although chances are high that by now they might have solved the issue but even if you have received such emails manipulated by scammers, don't do anything and confirm from your security activity log on Google's main security page.
 

[hd49728]

Stay safe, check your settings manually, and never rush into clicking links out of panic! Although chances are high that by now they might have solved the issue but even if you have received such emails manipulated by scammers, don't do anything and confirm from your security activity log on Google's main security page.

There is no need of a hurry to change anything, there is a mandatory step to check your account security, activity log before doing anything later. If there is nothing strange in your account log, security log, you can feel that your account is safe. Then you can check by searching for whether there is any scam wave aims at Google and Gmail accounts, and likely you will find something.

Above all these things, with any accounts, not only Gmail accounts, you must use strong passwords and turn on 2FA.
[GUIDE] How to create a strong password.

Preventing your account hack by having strong password and active 2FA is better than are fearful of account hack while don't set up security things properly.

[Chinesebaby]

Hi everyone!

I was reading news and this one specific report got my attention. It is related to a security flaw which is not basically hacking, but more like feature abuse of Google.

Casa co founder Jameson Lopp warned us about a new phishing technique that these scammers are using. They are using legitimate Google infrastructure like Workspace or developer tools to input frantic scam messages directly into the "Name" or "Organization" field and then they enter thousands of spaces which hide the disclaimer by Google that says "If you didn't request this, ignore it." So when someone receives a recovery email notification in their email they would not read the last disclaimer because scammers put thousands of spaces to hide it.

I have seen many times the image on the left you just shared above on my Google mail inbox, but never knew it was fake and didn't come from Google entirely, since everything looks real and authentic, displaying Google features. But what I usually do is ignore it, since I never initiated any action to add a recovery mail on my account, and when I see it, I'm sometimes always confused. So I'm happy and want to thank you O.P for sharing this wonderful piece of information to us regarding our Gmail security.

[snowpega]

Thank you, OP, for bringing this to our attention. I literally received a lot of promotional emails on a daily basis. But I never opened them and click them. I am already aware of how much it can be risky to click the unknown link, more espacially if you are a crypto space user. So, we have to be extra attentive in such cases. As a single mistake can lead to worse-case scenarios, where we can lose our assets. Abide by this, I have been facing attacks back in the days, and I still don't know the reason for that.

But on ALTT, a user suggested to me I should not use an unpaid VPN as it can also bring trogone attacks to the device.
After he gave me this advice, I bought a paid one for my use. Now you may be wondering why I use VPN, haha. Actually, in my country, Telegram is banned, so I have to use a proxy to access the Telegram app, and as a user of this forum, you also know the importance of the Telegram app.

[Dictator69]

There is no need of a hurry to change anything, there is a mandatory step to check your account security, activity log before doing anything later...

You are right, we must check the official security log directly from the main dashboard and should not panic because that's exactly what these scammers rely on to make people click links blindly. The scary message they write could convince people to click on the recovery emails that they have manipulated for us. That's why we should take a deep breath and manually verify.

Also, thank you for sharing that guide link for creating strong passwords and emphasizing 2FA. You are absolutely right that 2FA is a mandatory shield for any crypto user nowadays.

Although it is also worth mentioning that in this case if a beginner unknowingly clicked on that link shared by the scammer and even if they have 2FA in place, that link will take the victim to a recovery page where they have to change the password and information and on the same page they have to provide the OTPs etc. so when they do that in the active session which belongs to the scammer then the scammer can access the account using AiTM technology they have been using which automates everything. Although these attacks could stop most of the attacks.

Appreciate your highly valuable addition to the thread! Stay safe.

I have seen many times the image on the left you just shared above on my Google mail inbox,...

You are on the spot sir, because if we have not initiated anything from our end and still are receiving an email that means someone is trying to access our mail especially in this case. Scammers have to have your email first then in the recovery they will enter your email and in the name or organization field they will enter their message which would look like as shown in the images. These are not my images, they were shared by Lopp on his Twitter.

The footer note which tells us that if you have not done anything then ignore the mail is visible in the real one and not visible in the fake one, so most likely a vulnerable person could click on the email. I am glad that it helped.

Thank you, OP, for bringing this to our attention. I literally received a lot of promotional emails on a daily basis. But I never opened them and click them....

If you are already receiving many spam emails that means you are on their list, so be extra careful. We should not reuse our emails for everything and our main working emails should be isolated from offers and activities that are unnecessary for our work. That's how we can save ourselves directly in the first place but you are doing great and I am happy that it was worth sharing.

Yes bro I know the effort here in using Telegram, I have been using proxies for a long time and if they were the issue then I never faced one although I do remember reading your posts about AI and the security alert messages you received. The way you are saying it, they seem like a serious case but if the virus was actually there then you would have lost your funds already if I am not wrong. Because hackers don't delay things.

[EluguHcman]

Stay safe, check your settings manually, and never rush into clicking links out of panic! Although chances are high that by now they might have solved the issue but even if you have received such emails manipulated by scammers, don't do anything and confirm from your security activity log on Google's main security page.

There is no need of a hurry to change anything, there is a mandatory step to check your account security, activity log before doing anything later. If there is nothing strange in your account log, security log, you can feel that your account is safe. Then you can check by searching for whether there is any scam wave aims at Google and Gmail accounts, and likely you will find something.

That is just the simplest way to overcome such insecurity scamming threats.
If you have such notifications from Google account then you don't need to panic hastening to make the change as the contents of the mail instructed otherwise you will think you want to act too smart and there will just be the circumstances that would get your device security at the risk according to the will of the scammers behind the malicious mail.

To keep safe, when such notifications comes in, first your immediate attempt should be about accessing your Google account if there was a potential compromise before taking any action because these scammers had come so far in disguising themselves with their scamming schemes looking legitimate.

So if you find your account safe all you should do is just to ignore the notification.

[Nwada001]

Over the past few months I have been receiving some similar mail for Google security, and I can't recall making such requests. Since the mail is one which I already considered to be exposed to scammers, I don't pay attention to it again. As long as I did not make any request and checking through my security logs shows no recent activities from unknown devices, I just ignore the mail.

Before we used to check on senders to see how secure the mail is, but now that it's easier for these guys to use that loophole to their own advantage, people need to be careful in terms of identifying which mail is real and which one is not.

[YellowSwap]

This is one of those scams that I can never fall victim for, because I don't even look out for such notifications from Google and that's because my email is something I don't take very serious as it's a centralised operating company anyway.

Anything that has anything to do with money you aren't getting, if somehow you manage to get into my Gmail account it's going to be empty as fuck, I don't have money locked up somewhere that my Gmail will reveal and I don't store recovery seed on Gmail too.

Security and account log is a good way to have any eye on everything that's happening, so yes if you have the patience to crosscheck very well ( I advise you should) things should be fine.

[hugeblack]

Thank you, but what does Google email have to do with cryptocurrencies and Bitcoin? If a user trusts Google to store a copy of their wallet seed or an encrypted version of it, they will most likely lose their coins quickly.

I advise staying away from all Google services if you want to enhance the privacy/security of your cryptocurrency use.

[snowpega]

...
Yes bro I know the effort here in using Telegram, I have been using proxies for a long time and if they were the issue then I never faced one although I do remember reading your posts about AI and the security alert messages you received. The way you are saying it, they seem like a serious case but if the virus was actually there then you would have lost your funds already if I am not wrong. Because hackers don't delay things.

Well, maybe you are right about that, as if I share my current experience with you till the day I am using a paid VPN, I have not been attacked again by any such virus, and I am not getting any suspicious virus notification. The conversation that I had with that member, I said to him that I don't use any open source application and all that application i have in my mobile phone are directly installed from the Google Play Store. Then he said there are some apps available on the Google Play Store that do their work once you install them on your mobile phone.

So, maybe hackers use such a technique to bypass the Play Store algorithm, and when they upload their application to the Google Play Store for approval, it marks them safe even though they are unsafe. Do you agree with this point, or can this happen? Like, is it impossible to bypass the Play Store algorithm for uploading an unsafe application on it?

[Porfirii]

In fact, Google is doing it the right way because you only have to take action in order to add a recovery contact, not to avoid adding it like the scammers pretend. That should always be the case when you get unexpected notifications, so that the default decision is to do nothing, which in turn is the safest thing to do.