May Day Gmail phishing

Mrs Clu-blog received an email yesterday purporting to come from the Gmail security team. If she had been bleary-eyed from the May Day morning festivities in Oxford then perhaps she would have clicked on the link without considering the consequences, but thankfully she thought twice.

Gmail phishing email

The email reads:

From: Gmail Security Team <[email protected]>
Subject: Secure Your Gmail Account

Sign up to our free newsletter.
Security news, advice, and tips.

We have initiated verification on your email address.

Verifying your email address ensures that you can securely retrieve your account information if your password is lost or stolen. You must verify your email address before you can use it on Gmail services that require an email address.

To complete verification, click on the link below:

CLICK HERE TO SECURE YOUR GMAIL

For your security, please keep your email address information up-to-date.

Thank You
Gmail Team

© 2010 Google. All Rights Reserved

Of course, the email isn’t really from the team at Google’s Gmail service. And clicking on the link will take you a third-party site that does a pretty convincing job of displaying a webpage identical to the Gmail login screen, for the purposes of stealing usernames and passwords.

Further investigation uncovers that the website that users are directed to contains multiple phishing pages, not just those aimed at Gmail users.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.