Cybersecurity professionals are sounding the alarm for Gmail users as scammers are taking advantage of a recently introduced Google feature. This feature allows users to create an alias while maintaining their original email address.
Launched earlier this month, the update is designed to facilitate users who wish to replace their old email addresses seamlessly. However, this has become a new avenue for cybercriminals.
These scammers are circulating fraudulent emails that exploit this change, attempting to hijack accounts and execute phishing schemes.
The emails typically reference a ‘Gmail address change’ or request a security confirmation, which can easily deceive recipients because they appear to originate from legitimate Google addresses, such as no-reply@accounts.google.com.
Within these emails, victims are urged to confirm a new address or verify their account details. The links provided look like they lead to official Google support pages.
However, these links redirect users to counterfeit websites hosted on sites.google.com, which are crafted to resemble Google’s authentic login and security interfaces.
If attackers succeed, they can access Gmail and all connected Google services, including Drive, Photos, Calendar, and third-party accounts linked to Google logins.
Users are advised to delete any suspicious emails and avoid clicking on links or sharing personal information.
Gmail users should be on the look out for malicious emails asking them to verify their accounts
Daily Mail has contacted Google for comment.
Google launched the feature that lets users replace their existing @gmail.com address with a new one.
Tech expert Kurt Knutsson wrote for FOX News: ‘Given that Gmail has close to 2 billion active accounts, this update affects almost everyone.
‘It also helps people who stopped using an old Gmail address tied to a past job, a move or a major life change.’
However, taking advantage of the update does not mean users lose their past emails.
Your existing inbox and all past emails will remain intact, Knutsson explained.
Files and folders stored in Google Drive will stay in place, along with your Google Photos and backup data.
Any purchase history, subscriptions, or connected services linked to your account will also be preserved.
Emails claiming a ‘Gmail address change’ or requesting a security confirmation are now circulating, appearing particularly convincing because they come from real Google addresses like ‘no-reply@accounts.google.com’
However, cybercriminals are taking advantage of the welcome update with a new scam campaign.
Even the most convincing phishing emails often contain warning signs if you know what to look for.
Cyber experts warned that one red flag is a generic greeting, such as ‘Dear customer,’ instead of your real first and last name.
Another warning is urgent language that threatens account suspension, deletion, or financial consequences, which is intended to make you act without thinking.
Emails asking you to enter passwords or other sensitive information through a link are particularly dangerous.
These links often lead to fake websites designed to look like Google’s official pages, allowing scammers to steal your login credentials.
Google advises users never to click links in emails and to check security alerts directly through their accounts.
By manually opening a browser and navigating to your Google account, you can verify alerts, which will usually include details such as the device used, time, and location of access.
Last week, it was revealed that millions of Gmail users’ credentials had been leaked online.
Cybersecurity researcher Jeremiah Fowler uncovered a database of 149 million compromised credentials.
The largest batch of stolen credentials was from Gmail, with an estimated 48 million, followed by Facebook with 17 million, 6.5 million were linked to Instagram, four million from Yahoo Mail, Netflix credentials totaled to around 3.4 million and there were 1.5 million from Outlook.
Other notable login information was linked to iCoud, .edu, TikTok, OnlyFans and Binance.
