Highlights
- A new Gmail phishing scam uses emails that genuinely arrive from no-reply@google.com and pass Gmail's signature checks, tricking users into "verifying" their account activity via a fake link.
- Scam emails mimic Google’s branding but often feature urgent language, grammatical errors and suspicious links.
- Users should avoid clicking links, check Gmail directly for activity, report phishing emails and enable two-factor authentication for added security.
Caption – New Gmail scam alert! (Image credit – @nicksdjohnson on X)
If you recently got an email from no-reply@google.com telling you to “verify your account activity” or risk your Gmail being deactivated, don’t click anything. A convincing Gmail phishing scam is making the rounds and it’s catching people off guard because it looks very real.
The scam was first flagged by X (formerly Twitter) user Nick Johnson, who posted, “Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google’s infrastructure.”
Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google’s infrastructure, and given their refusal to fix it, we’re likely to see it a lot more. Here’s the email I got: pic.twitter.com/tScmxj3um6
— nick.eth (@nicksdjohnson) April 16, 2025
Why Does This Gmail Scam Feel So Real?
Caption – Gmail scam mail sender details. (Image credit – @nicksdjohnson on X)
The email is dressed up with official Google branding, a legit-looking logo and wording that sounds just like Google's usual alerts. Johnson explained in a detailed X thread, “The first thing to note is that this is a valid, signed email — it really was sent from no-reply@google.com. It passes the DKIM signature check, and Gmail displays it without any warnings — it even puts it in the same conversation as other, legitimate security alerts.”
So yes, it looks totally legit. But it’s not.
The phishing message claims your Gmail account is under review because of suspicious activity. It urges you to click a “Review Activity” button to keep your account from being suspended in 24 hours. It’s all designed to create panic and get you to act fast, a common tactic in scams.
If you click the link, you’re taken to a fake website that looks exactly like the real Google login page. That’s where the trap is set: whatever you type into it goes straight to the scammers, which can include:
- Your email and password
- Your recovery email and phone number
- Even your two-factor authentication (2FA) codes
That gives them full control of your account. They can lock you out, steal your personal info, or use your email to target other people.
Johnson further said, “From there, presumably, they harvest your login credentials and use them to compromise your account; I haven’t gone further to check. So how did they do it – especially the valid email? This is due to two vulnerabilities in Google’s infra that they have declined to fix.”
Regarding reporting the issue to Google directly, Johnson wrote, “I’ve submitted a bug report to Google about this; unfortunately they closed it as ‘Working as Intended’ and explained that they don’t consider it a security bug. Obviously I disagree – but until they change their mind, be on the lookout for deceptive security alerts from Google.”
However, he also confirmed in a follow-up post on the same day: “Outstanding news: Google has reconsidered and will be fixing the OAuth bug!”
How Do You Spot the Red Flags in Such Emails?
In this case the sender really is no-reply@google.com and the message passes the DKIM check, so the From address alone will not save you; many other phishing emails do come from weird-looking addresses full of random characters, but here you have to look at where the link actually goes. Also watch out for:
- Urgent language (“act within 24 hours!”)
- Grammatical errors
- Suspicious links that don’t go to Google’s real site
Meanwhile, Google also offers general tips for spotting phishing scams: always check the full email address, don’t click on links you don’t trust, and never enter your password unless you’re 100% sure you’re on a secure, official site.
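The checks above can be done offline on the raw message before anyone clicks. The script below is an added example written for this article (it is not code from Google or from Nick Johnson): it parses a saved email, reads the receiving server's DKIM verdict, pulls every link out of the HTML body and asks whether the link host is really google.com or just a look-alike. Both sample messages are constructed for the example; the link destinations, addresses and header values are invented placeholders, and the allow-list of trusted hosts is an assumption you should adapt to your own environment.

```python
"""Triage a suspicious "Google security alert" e-mail offline.

Illustrates the article's point: "From: no-reply@google.com" plus a
dkim=pass verdict is not proof of safety. The call-to-action link is the
deciding signal, so we extract every link and check its real host.
"""
import email
import email.policy
import email.utils
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: only google.com and its subdomains count as
# Google's own sites. Look-alikes such as google.com.evil.example do not match.
TRUSTED_GOOGLE_HOSTS = ("google.com",)

# Urgency phrases the article calls out as a classic pressure tactic.
URGENCY_PATTERNS = (r"\b24 hours\b", r"\bsuspend", r"\bdeactivat", r"\bimmediately\b")


class _LinkCollector(HTMLParser):
    """Collects (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def is_google_host(host):
    """True only for google.com itself or a real subdomain of it."""
    if not host:
        return False
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_GOOGLE_HOSTS)


def dkim_passed(msg):
    """Read the receiving server's DKIM verdict from Authentication-Results."""
    results = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    return re.search(r"\bdkim=pass\b", results) is not None


def triage(raw_bytes):
    """Return sender domain, DKIM verdict, every link with its real host, and a verdict."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    _, addr = email.utils.parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""

    collector = _LinkCollector()
    collector.feed(body)
    links = []
    for text, href in collector.links:
        # urlparse().hostname ignores "user@" prefixes, so https://google.com@evil.example
        # correctly reports evil.example as the host.
        host = urlparse(href).hostname
        links.append({"text": text, "href": href, "host": host, "google": is_google_host(host)})

    urgency_hits = [p for p in URGENCY_PATTERNS if re.search(p, body, re.IGNORECASE)]
    off_google = [link for link in links if not link["google"]]
    verdict = "SUSPICIOUS: link leaves google.com" if off_google else "links stay on google.com"

    return {
        "from_domain": from_domain,
        "dkim_pass": dkim_passed(msg),
        "links": links,
        "urgency_hits": urgency_hits,
        "verdict": verdict,
    }


# Constructed sample: a signed, valid-looking alert whose button leads off-site.
PHISH = b"""From: Google <no-reply@google.com>
To: you@example.com
Subject: Security alert: review your account activity
Authentication-Results: mx.google.com; dkim=pass header.i=@accounts.google.com; spf=pass
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Suspicious activity was detected. Review it within 24 hours or your account will be suspended.</p>
<p><a href="https://accounts.google.com.review-activity.example/signin">Review Activity</a></p>
</body></html>
"""

# Constructed sample: same headers, but the link really stays on Google.
LEGIT = b"""From: Google <no-reply@google.com>
To: you@example.com
Subject: Security alert
Authentication-Results: mx.google.com; dkim=pass header.i=@accounts.google.com; spf=pass
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You can review recent activity on your account at any time.</p>
<p><a href="https://myaccount.google.com/notifications">Check activity</a></p>
</body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, triage(raw))
```

Both messages report `dkim_pass` True and `from_domain` google.com, which is exactly why those two fields are not enough; only the link host separates them. Treat the allow-list as a first filter, not a guarantee: Google also hosts user-generated content on its own domains, so a link that stays on google.com is not automatically safe, and the article's advice still applies: open Gmail yourself in a fresh tab rather than following anything in the message.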
How to Stay Safe?
If you get one of these emails, here’s what to do:
- Don’t click any links. Instead, open a new browser tab and go directly to your Gmail account to check activity or settings.
- Report the email. Click the three-dot menu in Gmail (top-right corner of the message) and choose “Report phishing.” This helps Google crack down on similar scams.
- Turn on 2FA if you haven’t already. Two-factor authentication adds an extra layer of security in case your password ever gets compromised. Remember, though, that a code typed into a fake login page is stolen right along with the password, so the real protection is never entering anything on a page you reached from the email.
FAQs
Q1. What is the Gmail scam currently circulating?
Answer. It’s a phishing scam where emails claiming to be from no-reply@google.com ask users to verify their account activity or risk deactivation. These emails are designed to steal login credentials, recovery information, and 2FA codes.
Q2. How can users spot a phishing email?
Answer. Look out for red flags such as urgent language (e.g., “act within 24 hours”), grammatical errors, and suspicious links that don’t lead to Google’s official website.
Q3. What steps should users take to stay safe from phishing scams?
Answer. Avoid clicking any links in suspicious emails, check Gmail directly for account activity, report phishing emails using Gmail’s “Report phishing” option, and enable two-factor authentication for additional security.