If you’re one of the 1.8 billion people worldwide who rely on Gmail, it’s time to sit up and take notice. Google has issued a sharp warning about a sophisticated new scam targeting inboxes everywhere, including Australia.
The message from Google is clear: ‘Do not respond to these messages.’ But what exactly is going on, and how can you protect yourself? Let’s break down what you need to know, how this scam works, and the steps you can take to keep your personal information—and your peace of mind—safe.

This latest scam is being dubbed the ‘no-reply’ email attack. Here’s how it works: you receive an email that appears to come from [email protected].
The message claims that law enforcement has subpoenaed Google and is about to release everything in your account.
To make matters worse, the email includes a link to a legitimate Google support page, supposedly containing all the details about the legal case against you.
It’s a nerve-wracking message designed to scare you into action. But here’s the catch: it’s all fake, meticulously crafted by online scammers hoping to trick you into handing over your personal information.
The real danger begins when you click the link in the email. You’ll be taken to a page that looks like a Google login screen.
If you sign in, you’re directed to a convincing but entirely fake Google support site. Here, you’re prompted to download documents or grant permissions to a so-called ‘app’ to view the supposed subpoena.
By doing this, you unknowingly give scammers access to your Google account. They might be able to read your emails, access your files, or even install malware on your device.
In the worst cases, this malware can steal your passwords, access your bank details, or lock you out of your device.
This attack is particularly dangerous because it exploits Google’s systems. According to Nick Johnson, a tech developer who’s worked with Google and Ethereum, the scammers use a tool called Google OAuth.
This tool is designed to let third-party apps access your Google account, with your permission.
The scammers create a fake app, register it with Google, and then use it to send emails that look like they’re coming from Google’s system.
The support page you’re sent to is even hosted on Google’s sites.google.com, making it look all the more legitimate.
Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got: pic.twitter.com/tScmxj3um6
— nick.eth (@nicksdjohnson) April 16, 2025
Spotting the red flags
So, how can you tell if an email is a scam? Here are some tips:
- Check the sender’s address: Look at the ‘to’ and ‘mailed-by’ fields in the email header. If you see strange addresses—especially those starting with ‘me’ (like [email protected])—it’s a red flag.
- Be wary of urgent legal threats: If you receive a message claiming you’re under investigation or that your account is about to be handed over to law enforcement, take a deep breath and double-check before clicking anything.
- Don’t click suspicious links: If unsure, don’t click the link. Instead, go directly to Google’s official support site by typing support.google.com into your browser.
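For readers comfortable with a little code, the header checks above can be run over a saved copy of a message (Gmail's "Show original"). This is an added example, not code from Google or from Nick Johnson's report: the sample message is constructed, its sender and relay domains are placeholders, and it assumes the Return-Path header carries the domain Gmail displays as "mailed-by".

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a captured message; sender and relay domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@relay.example.net>
From: Account Team <no-reply@accounts.example.com>
To: me@forwarder.example.org
Subject: Security alert
Content-Type: text/plain

A subpoena was served requiring a copy of your account content.
Review the case materials: https://sites.google.com/view/constructed-case
"""

def split_addr(value):
    """Return (local part, domain) of an address header, lower-cased."""
    local, _, domain = parseaddr(value or "")[1].lower().rpartition("@")
    return local, domain

def triage(raw, my_address):
    """Return the red flags from the checklist that appear in one raw message."""
    msg = message_from_string(raw)
    flags = []
    to_local, to_domain = split_addr(msg["To"])
    _, from_domain = split_addr(msg["From"])
    _, mailed_by = split_addr(msg["Return-Path"])  # assumption: equals Gmail's 'mailed-by'
    if f"{to_local}@{to_domain}" != my_address.lower():
        flags.append("to-not-me")            # addressed to someone else, then relayed on
    if to_local == "me":
        flags.append("to-starts-with-me")    # the pattern called out in the checklist
    if mailed_by and mailed_by != from_domain and not mailed_by.endswith("." + from_domain):
        flags.append("mailed-by-mismatch")   # envelope sender is not the visible sender
    # Undecoded text of every non-multipart part; enough for plain-text link spotting.
    body = "\n".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    hosts = {h.lower() for h in re.findall(r"https?://([^/\s\"'<>]+)", body)}
    if "sites.google.com" in hosts:
        flags.append("link-to-sites.google.com")  # user-built pages, not support.google.com
    return flags

if __name__ == "__main__":
    for flag in triage(SAMPLE, "alice@example.com"):
        print("red flag:", flag)
```

A flag here is a prompt to look closer, not a verdict: legitimate bulk mail can also have a "mailed-by" domain that differs from the visible sender.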
Google now recommends that users switch from traditional two-factor authentication (2FA) to passkeys.
Passkeys are a new, passwordless technology that uses cryptographic keys stored on your device. You authenticate using a fingerprint, a face scan, or your device PIN.
While 2FA is still much safer than using a password alone, it’s not immune to phishing attacks. Passkeys, however, are phishing-resistant because they never leave your device and can’t be intercepted by scammers.
Have you received a suspicious email claiming to be from Google? Did you spot the scam, or did you nearly fall for it? We’d love to hear your experiences and tips for staying safe online. Share your story in the comments below.