Phishing for passwords of unwary Google users

How much damage could be done if your Gmail password fell into the wrong hands?

Quite a lot, I would wager.

Not only would an identity thief be able to send emails pretending to be you, and trawl through your old messages for passwords and financial information, but your Gmail password will also unlock your other Google accounts – including Google+, Adwords, Google Checkout, Google Docs, YouTube and so forth.

So, you should work hard to protect the username and password you use to log in to Google.


Here’s an email that SophosLabs has seen spammed out, pretending to come from Google’s team:

Gmail phishing email

The email claims that the recovery email address associated with your Google account has changed, and if you do not verify it then you might lose your account in its entirety.

Dear Account User,

Thanks for updating your e-mail address with us.We changed your recovery e-mail address in our files to [redacted]@hotmail.com.If this is correct, you can disregard this e-mail. If the new e-mail address is not correct or you did not request this change. Follow the instruction in updating your account
http://accounts.google.com

However, Failure to do so may result in account suspension permanently.

Thanks for using Gmail!.

Sincerely

Gmail!.

Clicking on the link in the spammed-out email does not take you to your Google accounts settings, however. Instead, you are taken to a compromised website which is hosting a phishing page – designed to steal your password.

Gmail phishing website

Always take care about what links you click on, and don’t enter your personal information until you are confident you have reached a legitimate site.

And if you need further advice, why not read my point-by-point advice about how to stop your Gmail account being hacked?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
