New Gmail Warning — Do Not Open This Email From Google

Protecting your accounts and data is getting harder and more complex, despite the best efforts of security defenders. In the same week that details emerged of Microsoft introducing strict new email authentication rules on May 5 to protect 500 million Outlook users, and the FBI warned that attackers impersonating the FBI have struck, both stories converge: Google has confirmed that Gmail users are under attack from criminals who bypass its own email authentication protections and exploit trust in Google infrastructure to mount a dangerous and costly campaign.

Beware This Gmail Security Alert — No Matter How Real It Appears

A sophisticated phishing campaign has been identified that bypasses the protections Google already has in place to prevent impersonation of the domains that send authenticated email to potential victims. The attackers combine OAuth with creative DKIM workarounds so that the phishing message passes authentication and appears to originate from Google, and then use that apparent legitimacy to trick users into divulging sensitive information.

Although this particular Gmail attack can rightly be described as sophisticated and complex, it is essential to note that not all phishing campaigns require that level of skill. Many phishing kits are available for sale on the dark web, often costing as little as $25, and they let even unskilled attackers run convincing scams.

James Shank, director of threat operations at Expel, warned that a message passing DKIM authentication does not mean it is safe. "With DKIM and many other controls, there's a third state," he said, namely "it's valid in this very specific way." When that check is implemented in the wrong way, some systems wrongly treat it as "the message is safe to deliver."
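The "third state" Shank describes can be made concrete. The following script is an added example written for this page, not code from Google, Expel or any of the researchers quoted, and it does not describe the mechanics of the specific campaign, which the article does not detail. It takes a message that the receiving mail server has already verified (a trusted Authentication-Results header) and asks what a DKIM "pass" actually proves: whether the signing domain aligns with the displayed From address, whether the headers the user sees are inside the signed set, and whether the message was delivered to someone other than the signed recipient, which is what a re-sent copy of a legitimately signed message looks like. It does not perform the RSA verification itself, since that needs the signer's public key from DNS; the sample messages and signature values are constructed placeholders.

```python
"""Classify a DKIM-verified message into fail / pass-and-aligned / pass-but-not-safe.

Added example: consumes a trusted Authentication-Results header written by the
local MTA rather than verifying the signature itself. All sample messages
below are constructed; signature values are placeholders.
"""
import email
import re
from email import policy
from email.utils import getaddresses, parseaddr


def parse_tags(value):
    """Split a DKIM-Signature tag=value list (RFC 6376) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def domain_of(address):
    return parseaddr(address)[1].rpartition("@")[2].lower()


def aligned(from_domain, sig_domain):
    """Approximate DMARC relaxed alignment (same organizational domain).
    Assumption: a suffix match stands in for a public-suffix-list lookup."""
    return (from_domain == sig_domain
            or from_domain.endswith("." + sig_domain)
            or sig_domain.endswith("." + from_domain))


def assess(raw):
    """Return (state, findings); state is 'fail', 'pass_and_aligned' or
    'pass_but_not_safe'. A pass with findings is Shank's third state."""
    msg = email.message_from_string(raw, policy=policy.default)
    match = re.search(r"\bdkim=(\w+)", msg.get("Authentication-Results", ""))
    result = match.group(1).lower() if match else "none"
    if result != "pass":
        return "fail", ["dkim=" + result]

    findings = []
    sig = parse_tags(msg.get("DKIM-Signature", ""))
    from_domain = domain_of(msg.get("From", ""))
    sig_domain = sig.get("d", "").lower()
    # 1. A pass from an unrelated domain says nothing about the visible From.
    if not aligned(from_domain, sig_domain):
        findings.append(f"signer {sig_domain} does not align with From domain {from_domain}")
    # 2. The headers the user reads must be inside the signed set (h= tag).
    signed = {h.lower() for h in sig.get("h", "").split(":") if h}
    for required in ("from", "to", "subject", "date"):
        if required not in signed:
            findings.append(f"header '{required}' is not covered by the signature")
    # 3. DKIM signs the To header, not the envelope recipient, so a validly
    #    signed message can be re-sent unchanged to anyone. Compare the two.
    delivered = parseaddr(msg.get("Delivered-To", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(
        [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])])}
    if delivered and delivered not in recipients:
        findings.append(f"delivered to {delivered}, who is not a signed recipient: "
                        "a validly signed copy has been re-sent")
    return ("pass_but_not_safe" if findings else "pass_and_aligned"), findings


# Constructed sample: a genuine message, signed by the sender's own domain.
LEGIT = """\
Delivered-To: alice@example.net
Authentication-Results: mx.example.net; dkim=pass header.d=example.com
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=from:to:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER=
From: Bob <bob@example.com>
To: Alice <alice@example.net>
Subject: Invoice 42
Date: Mon, 21 Apr 2025 10:00:00 +0000

Hello Alice.
"""

# Same signed bytes, re-sent by a third party to a new recipient.
REPLAYED = LEGIT.replace("Delivered-To: alice@example.net",
                         "Delivered-To: victim@example.org")

# Constructed sample: signer is an unrelated bulk domain and To is unsigned.
UNALIGNED = """\
Delivered-To: alice@example.net
Authentication-Results: mx.example.net; dkim=pass header.d=bulk-sender.example
DKIM-Signature: v=1; a=rsa-sha256; d=bulk-sender.example; s=k1;
 h=from:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER=
From: Example Support <support@example.com>
To: alice@example.net
Subject: Security alert
Date: Mon, 21 Apr 2025 10:00:00 +0000

Please sign in here.
"""

FAILED = LEGIT.replace("dkim=pass", "dkim=fail")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("replayed", REPLAYED),
                      ("unaligned", UNALIGNED), ("failed", FAILED)):
        print(name, *assess(raw))
```

The point of the three checks is that each is a condition a naive "dkim=pass means deliver" rule silently skips. The replayed message is cryptographically identical to the legitimate one and will pass every verifier; only the mismatch between the envelope recipient and the signed To header reveals that it has been forwarded on, which is why that comparison belongs in delivery policy rather than in the signature check.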

Gmail hackers can buy phishing kits for $25

Adrianus Warmenhoven, a cybersecurity expert with NordVPN, has confirmed in an email that these phishing kits are available for sale on dark web forums and Telegram groups operated by cybercriminals. "With features like drag-and-drop website builders, email templates, and even contact lists," Warmenhoven warned, "these kits enable even the least technical attackers to carry out professional-looking scams."

"Phishing kits and Phishing-as-a-Service platforms lower the barrier to entry, so we're seeing a surge in the number and variety of attacks," Warmenhoven said, "and that means consumers need to be more alert than ever."

Google Shuts Down Gmail Attack With New Update

The good news is that Google has said that it is rolling out protections to counter the specific attacks from the threat actor concerned. "These protections will soon be fully deployed," a spokesperson said, "which will shut down this avenue for abuse."

In the meantime, Google advised users to enable 2FA protections and switch to using passkeys for Gmail to provide "strong protection against these kinds of phishing campaigns." Melissa Bischoping, head of security research at Tanium, warned that while some components of this attack are new – and have been addressed by Google – attacks leveraging trusted business services and utilities are not one-off or novel incidents.

Moving forward, Gmail users should still be alert to the danger of genuine-looking emails and alerts that purport to be from legitimate sources, even if that source is Google itself. Awareness training should evolve with the threat landscape, addressing both new and persistently effective techniques, Bischoping said.

Robust Multi-Factor Authentication is Essential

"As always," Bischoping concluded, "robust multi-factor authentication is essential because credential theft and abuse will continue to be an attractive target." It's crucial for individuals to stay vigilant and take proactive steps to protect themselves from phishing attacks.