Beware of this latest phishing attack disguised as an official email sent by Google

Don't be fooled by these scammers

by Jenna Roach

Remember when we talked about how those sneaky phishing attacks are becoming more common? Well, this time, it looks like Google users might be the target.

We haven’t seen this one before.  While this email uses the Google logo and initially feels legitimate, it’s not.  This is another example of looking at every email very closely before you click on anything.

Let me break down what this particular phishing attack is all about and share some tips on how you can steer clear of it.

What does this latest phishing attack do?

I recently encountered a concerning security-related phishing attack that appears to be impersonating Google. The fraudulent email claims that the recipient’s device is infected with a virus and urges them to take immediate action. It cunningly tricks recipients into clicking on a malicious link, which supposedly leads to a solution for removing the virus from their machine. However, this link is deceptive and poses serious risks to the recipient’s online security.

You’ll notice in the screenshot below that the sender of this message is not Google at all, as shown by the email address <postmaster@favorablecheerful.net>.

 

We contacted Google regarding the matter, as it didn’t resemble any recent phishing attack we’d seen before, and sought further information. Here is the response we received from a Google spokesperson:

“We urge people to proceed with caution when reading emails from someone claiming to be an authoritative resource. Unfortunately, unscrupulous people sometimes try to use the Google brand to scam and defraud others. In Gmail, our sophisticated protections will block more than 99.9% of spam, phishing, and malware, but whichever email service you use, we encourage users to follow these three best practices to help avoid becoming a victim of a scam:

  • Slow it down. Scams are often designed to create a sense of urgency. Take time to ask questions and think it through.

  • Spot check. Do your research to double-check the details you are getting. Does what they’re telling you make sense?

  • Stop! Don’t send. No reputable person or agency will ever demand payment or your personal information on the spot.”


 

How else can I further protect myself from phishing scams?

The statement from Google gives some great advice, and I think it can apply to all phishing scams, whether the attacker is claiming to be from Google or not. I have a few of my own suggestions that I want you to keep in mind to further protect yourself from phishing scams:

#1 tip: Use antivirus software: This is perhaps one of the best investments you can make to protect yourself from phishing scams. Having antivirus software running on your devices will make sure you are stopped from clicking on any malicious links or from downloading any files that would release malware onto your device and potentially lead to your private information being stolen.


Verify the sender’s email address: Check the sender’s email address carefully, as scammers often use slight variations or impersonate legitimate sources. If the email address looks suspicious or unfamiliar, do not click on any links or provide personal information.

Avoid clicking on links directly: Instead of clicking on links in emails, hover your mouse over them to see the actual URL. If the link doesn’t match the supposed source or seems unusual, refrain from clicking on it.

Be cautious with email attachments: Do not open attachments from unknown or unexpected sources, as they could contain malicious software. If you weren’t expecting the attachment or don’t know the sender, verify its legitimacy before opening it.

Enable two-factor authentication (2FA): Whenever possible, enable 2FA for your online accounts. This adds an extra layer of security by requiring a second form of verification, such as a unique code sent to your phone, in addition to your password.

Be cautious with personal information: Be wary of sharing sensitive information online, especially if it’s unsolicited or seems suspicious. Legitimate organizations rarely ask for personal details via email.

Report suspicious emails: If you receive a suspicious email claiming to be from a specific organization, report it to that organization’s official support or security team so they can take appropriate action.

Educate yourself and others: Stay informed about the latest phishing tactics and share this knowledge with friends, family, and colleagues. Awareness is a powerful tool in preventing scams.

Keep software up to date: Regularly update your operating system, web browsers, and antivirus software to ensure they are equipped to detect and prevent the latest threats. You can check for system software updates in your device’s Settings app, and you can go to your App Store or Google Play Store (depending on the device you have) to check for updates on individual apps.

iPhone:

To check for software updates on your iPhone:

    • Open the Settings app, tap on General, then tap on Software Update

To check for app updates:

    • Open the App Store, tap on your profile picture, and scroll down to see if there are any available updates

Android:

Settings may vary depending on your Android phone’s manufacturer 

To check for software updates on your Android device:

    • Open the Settings app, tap on System, then tap on Advanced and System update, or on some devices just scroll down and tap on Software update. If there is a software update, just tap download and install.

To check for app updates:

    • Open the Google Play Store, tap on the three horizontal lines, then tap on Manage apps & Device to see if there are any available updates


 

Kurt’s key takeaways

Whenever you receive an email, use your best judgment before clicking links or opening attachments, especially if it’s from someone you don’t recognize.

Google will continue to try to protect Gmail users from these kinds of phishing attacks. Their data on this particular abuse campaign shows them blocking 99%+ of these emails.

If you do happen to see a similar email reach your inbox, please report the email as abuse (instructions here) to help their tools get even better at protecting users from these campaigns.

What more do you think should be done to protect people from these malicious phishing attacks?  Let us know by commenting below.


 

 

Copyright 2023 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.


   

24 comments

Connie August 5, 2023 - 6:40 am

Excellent article! Recently I received an email that I was skeptical about its legitimacy. So I took some time and logged on to the site without clicking on the email. As it turned out it was legitimate and very important. I’m glad I took the time to investigate on my own. A little time saved me from possibly having a nerve wracking complication later.

Bonnie August 5, 2023 - 8:49 am

My husband and I are getting hundreds and hundreds of malicious texts. iPhone 14. (Or 13). We turned off all notifications that we know of.

Kurt Knutsson August 5, 2023 - 11:59 am

Hi Bonnie. Sorry to hear this. Read our article here on tips to try to stop these spam texts.

Craig Casey August 5, 2023 - 1:54 pm

I’ve been a victim in the past of lying emails. One good way to check if it’s legitimate is to hit reply and then carefully examine the email address that comes up. A lot of times an Amazon email address ends up looking like errvkiubhjji@y6e4f.com, in other words, BS.
Craig Casey

Pan Durham August 6, 2023 - 9:59 am

This is a very useful article

Gee August 9, 2023 - 5:59 am

Thanks to ALL the Companies I have done business with and those that collect data from the public domain, my information has been in at least 15 data breaches over the years. So, my info is out there because of their negligence.
Too bad I can’t sue the pants off them. Good article with sound advice.
