Khaberni - Cybersecurity experts have warned Gmail users of a new wave of online scams exploiting a feature recently launched by Google that allows users to create a new email address while retaining the old one as an alias.
The feature, which was introduced earlier this month, aims to help users replace their old email addresses, especially those associated with previous jobs or major life changes, without losing messages or stored data. However, cybercriminals quickly took advantage of this update by sending fraudulent messages aimed at taking over accounts or carrying out phishing attacks.
Fraudulent messages are reaching users under titles such as "Change Gmail Address" or an account security confirmation, and they appear highly convincing because they are sent from real Google addresses.
False links
These messages ask victims to confirm a new email address or verify their accounts via links that appear to lead to official Google support pages. In reality, the links lead to fake sites hosted on the sites.google domain, carefully designed to mimic Google's login screens and security settings.
If attackers succeed, they can access the Gmail account and all associated services, including Google Drive, Google Photos, and Calendar, as well as external accounts and services linked to Google sign-in.
Delete any suspicious messages immediately
According to the Daily Mail, cybersecurity experts advise users to delete any suspicious messages immediately, and to avoid clicking on links or sharing any personal information or passwords.
Warning signs to watch for
Experts point out that even the most convincing phishing messages often include warning signs. The most notable are a generic greeting such as "Dear User" instead of the full name, urgent language threatening to suspend or delete the account or cause financial losses, and requests to enter passwords or sensitive data via links in the email.
Google confirms that it never asks users to enter passwords through email links, and advises checking security alerts directly in the account through the browser, where details such as the device used and the time and location of the login are displayed.
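The link behaviour and warning signs described above can be checked mechanically when triaging a reported message. The following is an added example, not code from Google or from the experts quoted here. It assumes the "sites.google domain" refers to the host sites.google.com, and the keyword lists, function names and sample messages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: Google Sites pages, which any account holder can publish, live on this host.
USER_CONTENT_HOSTS = {"sites.google.com"}
GENERIC_GREETING = re.compile(r"\bdear\s+(user|customer|account holder)\b", re.I)
URGENCY = re.compile(r"\b(suspend(ed)?|delet(e|ed|ion)|immediately|within \d+ hours)\b", re.I)
CREDENTIAL_ASK = re.compile(r"\b(password|verify your account|confirm your (new )?(email )?address)\b", re.I)
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible label) pairs and the message's plain text."""
    def __init__(self):
        super().__init__()
        self.links, self.chunks, self.href, self.label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.label = dict(attrs).get("href"), []
    def handle_data(self, data):
        self.chunks.append(data)
        if self.href is not None:
            self.label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.label).strip()))
            self.href = None

def triage(html_body):
    """Return the sorted warning signs found in one HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    text, found = " ".join(parser.chunks), set()
    for href, label in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if host in USER_CONTENT_HOSTS:
            found.add("link_to_user_hosted_google_site")
        shown = HOST_IN_TEXT.search(label)  # link text that names a different host
        if shown and shown.group(1).lower() != host:
            found.add("label_host_mismatch")
    if GENERIC_GREETING.search(text):
        found.add("generic_greeting")
    if URGENCY.search(text):
        found.add("urgent_language")
    if parser.links and CREDENTIAL_ASK.search(text):
        found.add("credential_request_via_link")
    return sorted(found)

# Constructed samples; the path below is a placeholder, not a real page.
SAMPLE_PHISH = ('<p>Dear User,</p><p>Your account will be suspended unless you confirm '
                'your new address.</p><a href="https://sites.google.com/view/PLACEHOLDER">'
                'support.google.com/accounts</a>')
SAMPLE_BENIGN = '<p>Hi Dana, your weekly summary is ready.</p><a href="https://example.com/r">View report</a>'
```

A genuine sender address does not clear a message, since the article notes these emails arrive from real Google addresses; the link destination and the wording are what the check relies on.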
This warning comes after the revelation last week of a data leak involving login credentials of millions of users online.
Cybersecurity researcher Jeremiah Fowler announced the discovery of a database containing 149 million hacked credentials, with the largest portion belonging to Gmail accounts at about 48 million accounts, followed by Facebook, Instagram, Yahoo, and Netflix, as well as data associated with other services like iCloud, TikTok, and Binance.

