Posted by - April 23, 2025

Despite Google’s strong security, a new phishing scam is slipping through. It’s a reminder that no one is fully safe from cyber threats.

The Subpoena Gmail Attack: What Happened?

Attackers sent emails from what looked like a real Google address — no-reply@google.com — claiming a subpoena required Google to release your account data. The email passed all of Google’s security checks, including DomainKeys Identified Mail (DKIM) authentication. A DKIM pass only shows that the signing domain signed the message; it says nothing about whether the content can be trusted. The email even appeared in the same thread as legitimate Google security alerts, making it incredibly convincing.

Remember: Google will never ask for your password, 2FA codes, or account credentials.

What To Do If You Were Targeted

Think you clicked on something suspicious? Here’s what to do right now:

  1. Change your Google account password and check your recovery options (email and phone) for unauthorized changes.
  2. Call your bank and any linked financial institutions. Let them know about the breach so they can monitor or freeze accounts if needed.
  3. Lock down your security:
    • Enable 2FA
    • Use a passkey for sign-ins
    • Turn on Chrome’s Enhanced Safe Browsing
  4. Report it: Contact local police and submit a report to the FBI’s Internet Crime Complaint Center (IC3).

Worried about security gaps in your organization?
Call us at 703-790-0400 for a free consultation on your cyber strategy.
