Gmail Phishing Scams: Don’t Fall Into the Trap

You’ve probably heard of email phishing scams before, but did you know that there are phishing scams specifically targeting Gmail users? If you use Gmail, pay special attention to this article to keep yourself safe.

Are You a Gmail.com User? Google Email Scams Can Appear at Any Second

Millions of people rely on Google’s email service, Gmail, for their day-to-day personal and professional emailing. Scammers know this, which is why they are targeting Gmail users with more and more new Gmail Scams every day.

What Is a Gmail Phishing Scam?

In general, an email phishing scam is any type of scam in which the fraudsters attempt to trick you into handing over sensitive information (e.g., login credentials, credit card numbers, or bank account details) by sending fake emails, which usually appear to be from large, reputable companies.

Gmail phishing scams are a subset of email scams that specifically target Gmail users.

Common Gmail Phishing Scams

The Fake Sign-In Phishing Scam

One of the most common new Gmail scams is known as the fake sign-in phishing scam, which is designed to get you to unsuspectingly provide your Gmail login credentials to scammers.

How Does the Fake Sign-In Phishing Scam Work?

This scam starts with you receiving an email from a trusted source (usually a contact who has already fallen for the scam) with a link for you to click on. The link takes you to a spoofed, or fake, version of the Gmail login screen and asks you for your username and password.

What Happens To Victims of This Gmail Scam?

If you fall for this scam and provide your login credentials, the scammers steal all the personal information they can from your Gmail account. They also take advantage of your contacts, sending them phishing emails from your account to keep the scam rolling, accumulating more and more victims.

How To Protect Yourself from This Scam

To avoid this Gmail scam, don’t click on unknown links in emails, even if they appear to be from trusted sources. You can hover over any links with your mouse to preview them and see where they really take you.

If you do happen to click on a link that takes you to what looks like a Gmail login screen, never enter your login info. Only access your Gmail directly by going to Gmail.com and logging in.

Bait Attack

Another prolific Gmail scam is called the bait attack scam. Here’s how it works and how to keep yourself safe…

How Does a ‘Bait Attack’ Work?

A bait attack scam typically starts with you receiving a blank email with a simple, vague subject line. The scammers hope that curiosity gets the best of you and that you open the email. They can then gauge how likely you are to open a second email from them.

If they think you are a good target for the second phase of a bait attack, the scammers will send another email that appears to be from an antivirus software company, such as Norton. They’ll try to create a sense of urgency by telling you your device is infected with a virus, or something along those lines, and ask you for sensitive information in order to fix the problem or ask you to click on a link to download and install antivirus software. The link is malicious and really installs malware on your device.

Gmail’s Warning Against This New Gmail Scam

Although not completely unique to Gmail, Google has warned that this type of scam overwhelmingly targets Gmail users (about 90% of bait attacks target Gmail accounts).

How To Protect Yourself from This Scam

Don’t open emails from unknown senders with vague subject lines and don’t click on unknown links or attachments in emails. Instead, mark them as spam to avoid receiving more from the same senders.

Also, know that legitimate companies will never ask you for sensitive data via email.

Craigslist Gmail Scam

How Does the Craigslist Gmail Scam Work?

In this scam, the fraudsters pose as buyers or sellers on Craigslist and start corresponding back and forth with you about an item. They try to take any information from the body of your emails, such as your email address, name, and phone number contained in a signature, which they then use to try and hack your Gmail account by entering it on the account recovery page.

When they do this, Gmail sends an account recovery code to your phone. The scammers then try to trick you into believing that this is a code they sent you to prove you are a real person before making a deal with you on Craigslist, and they ask you for the code.

What Happens To Victims of the Craigslist Scam?

If you hand over a Gmail verification code to scammers, they can reset your account password and take full control of your Gmail account. They can then run wild in your email, potentially contacting your friends and family and asking for money, or committing other types of identity theft and fraud.

How To Protect Yourself from This Scam

Keep personal information out of your emails whenever you are dealing with people via Craigslist, so they can’t try to reset your password. If you receive a Gmail verification code without requesting it, be very wary of anyone you are talking to on Craigslist at the time, and never tell anyone else what the code is.

How To Report a Scam to Gmail

1. Go to your Gmail account
2. Open an email you want to report
3. Click on “More” next to “Reply” for the email
4. You suspect to be from scammers
5. Click “Report Phishing”

How Payback Can Help You Recover From a Gmail Scam

Payback’s team of fund recovery specialists have extensive experience in getting money back from all types of online scams and scammers.

We will do everything we can to track down the perpetrators of Gmail scams and retrieve your money from them by pressing them where it hurts: their finances.

Contact Payback today if you have fallen victim to a Gmail phishing email or any other type of scam.