In a chilling reminder of how advanced cybercrime has become, Gmail users across the globe are being warned about a new wave of highly sophisticated phishing scams so realistic they’re even bypassing Google’s own security systems.
Cybercriminals, now armed with artificial intelligence, are crafting emails and making calls that sound eerily authentic often impersonating Google itself.
These scams don’t just look real they are real in the eyes of email security protocols, complete with verified domains and digitally signed messages from addresses like no-reply@google.com.
The bait? Urgent legal threats like subpoenas or account breaches designed to jolt users into a panic. Clicking the embedded links redirects victims to near-perfect replicas of Google’s official pages, where credentials are silently harvested.
Developer Nick Johnson was one of the first to raise the red flag. In a detailed post on X (formerly Twitter), he revealed how the scam had duped even him. He warns that the first thing to note is that this will be a valid, signed email , really sent from no-reply@google.com. He further says that tt passes the DKIM signature check, and Gmail displays it without any warnings.
Behind the scenes, a threat group known as Rockfoils is believed to be orchestrating these targeted attacks. Google has since acknowledged the issue, stating that they have already begun rolling out security updates to counteract this specific threat.
Cybersecurity expert Spencer Starkey, Vice President at SonicWall, emphasized the need for proactive defenses. He says that cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls. Companies must be able to quickly adapt and respond to these threats.
Until Google’s countermeasures are fully in place, users are strongly encouraged to take matters into their own hands: enable two-factor authentication, adopt passkeys, and remain skeptical of unsolicited security alerts, no matter how real they may seem.