Google customers are advised to be on the lookout for fake notifications that inform them of suspicious login attempts. Experts have found that such emails are being sent out by cybercriminals to lure users to phishing sites.
The emails are titled “Suspicious sign-in prevented” and they read something like this:
“Someone recently used wrong passwords to try to sign in to your Google Account. We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt.
If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should check activity immediately.”
The main problem with this phishing attack is that Google actually sends users such emails when suspicious login attempts are detected.
However, cybercriminals have also been sending out such emails over the past years. In some cases, the bogus notifications are used to distribute malware, while in others they lure people to phishing sites.
In this particular case, brought to our attention by a security researcher from Malwared.ru, users are taken to a phishing site hosted on privacy.google-settings.com. The domain might look legitimate at first sight, but it’s not owned by Google.
The expert says that it has been registered by one Aksnes Thomas from Sweden, with the email address firstname.lastname@example.org.
The phishing site’s source contains an email address, email@example.com, which the researcher believes could be the attacker’s address.
If you come across such emails, analyze them carefully before clicking on any of the links or buttons. Make sure that the links point to a legitimate Google domain, such as gmail.com, mail.google.com or accounts.google.com before entering your credentials.
If you’re a victim of this phishing attack, change your password as soon as possible. If you’ve been using the same password for multiple accounts, change it for those as well.
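The link check described above can be automated for mail triage. The following is an added example, not code from the researcher or from Google: it pulls every link target out of an HTML message and accepts only an exact match against the hosts the article names. The allowlist, the https-only rule and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the allowlist is just the three hosts the article names.
TRUSTED_HOSTS = {"gmail.com", "mail.google.com", "accounts.google.com"}

class HrefCollector(HTMLParser):
    """Collect the href of every <a> tag, ignoring the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def link_host(url):
    """Host the browser would connect to, or None if unusable or not https."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes any user@ prefix and the port
    except ValueError:
        return None
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".").lower()

def is_trusted(url):
    # Exact host match: containing "google" or a trusted name is not enough.
    return link_host(url) in TRUSTED_HOSTS

def audit_email(html):
    """Return (href, trusted?) for every link in an HTML message body."""
    collector = HrefCollector()
    collector.feed(html)
    return [(href, is_trusted(href)) for href in collector.hrefs]

# Constructed sample message; only the first host comes from the article.
SAMPLE_EMAIL = """
<p>Suspicious sign-in prevented</p>
<a href="https://privacy.google-settings.com/">accounts.google.com</a>
<a href="https://accounts.google.com.example.net/">Check activity</a>
<a href="https://accounts.google.com@example.net/">Review details</a>
<a href="https://accounts.google.com/">Google Account</a>
"""

if __name__ == "__main__":
    for href, ok in audit_email(SAMPLE_EMAIL):
        print("OK     " if ok else "REJECT ", href)
```

Only the last link passes: the first three contain a trusted-looking name in the link text, the subdomain or the user portion of the URL, but the host the browser would actually contact is not on the list.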