Elementary Gmail phishing

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Gmail logoCybercriminals are regularly presented as twisted geniuses by the popular media, beavering away in dank basements constructing the latest malware to mess up critical national infrastructure or honing code to break into bank accounts and steal millions.

The truth is, of course, often somewhat less dramatic. The simple truth is that you don’t need to build a sophisticated attack to trick the typical computer users into clicking on a dangerous link or attachment. You just need to dress it up as something alluring (a naked video of Natalie Portman or a bill for an air ticket you never purchased would probably do the job, for instance)

And sometimes, you just need to ask users a question with a straight enough face. If you’re bold and brazen enough, you might just get away with it.

Take this elementary phishing attack that was seen by a reader late last week, for instance.

Sign up to our free newsletter.
Security news, advice, and tips.

Gmail phishing email

Yes, there are typos and inconsistencies in the way that words are spelt in the email, and anyone who pauses to breathe before responding hopefully realises that the one thing Gmail should be able to tell is whether your email account is active or not.. All they have to do is see when you last logged in or read an email, right?

But there will be a small percentage of the public, perhaps those who are not as IT-savvy, who might worry that they will lose access to their precious Gmail account and respond without thinking.

It’s easy to say that people who fall for an elementary phishing attack like this deserve everything they get, but I find that opinion rather hard-hearted. We should all ensure that friends and family who might be vulnerable – even to unsophisticated attacks like this – are briefed about the threats and helped to avoid them.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.