Inside the Gmail Scam So Clever, Experts Say Even the Savviest Could Fall for It—Are You at Risk?

You ever get one of those emails that looks so downright official, you almost wanna believe it’s from Google itself? Well, brace yourself—because an expert just threw up the red flag that Gmail users could soon be in the crosshairs of a seriously slick scam. As tech barrels forward, scammers aren’t just sitting still; they’re evolving into craftier shape-shifters, slipping past our usual defenses and tempting even the savvy among us. It’s funny how quick we are to side-eye someone who’s been hoodwinked online—like that poor soul who thought they were dating Gary Barlow—but the truth is, these digital traps are getting harder to spot, especially when the fake messages come with all the legitimate trappings. Imagine receiving a signed, genuine-looking email that ticks all the security boxes, only to find yourself on a spooky mirror site harvesting your login details. Yeah, it’s that next-level. But don’t throw your keyboard out the window just yet—there are ways to stay one step ahead. Curious to find out just how deep this rabbit hole goes? <a href="https://www.malwarebytes.com/blog/news/2025/04/all-gmail-users-at-risk-by-clever-replay-attack?utmsource=iterable&utmmedium=email&utmcampaign=b2cprooth20250428aprilweeklynewsletternonpaidv42174552101334&utmcontent=Gmail&x-clickref=1101lBjGZS5c">LEARN MORE.</a>

An expert has warned users with a Gmail account that they could soon be subject to a sophisticated scam.

As technology has evolved in recent years, so have the scammers who try to steal our money and our identities online.

While we might be quick to judge someone who falls victim to an internet scam, particularly if they’ve been somehow convinced that they’re in a relationship with a well-known celebrity, it’s not always obvious what is and isn’t safe online.

There’s plenty of advice out there, especially when it comes to the one word you definitely shouldn’t say to potential scammers on the phone, but when it comes to emails, it might not be as easy to spot.

The world’s most dangerous hacker recently shared his advice when it comes to avoiding majorly bad consequences, but it seems as if the hackers who have targeted Google’s email service users are going down a different route in an attack which could put victims at risk of online fraud.

This would be very easy to fall victim to (getty stock)

Security experts at Malwarebytes are warning that ‘all Gmail users are at risk from [the] clever replay attack’.

Users could receive an email that looks to be from an official Google account, allowing it to bypass the filters which usually send the dodgy emails straight to your spam box.

The scam was first spotted by Nick Johnson, a lead developer of the Ethereum Name Service, and it was only down to his tech skills that he was able to spot an issue that many of us would have missed.

“Recently I was targeted by an extremely sophisticated phishing attack,” Johnson posted on X Wednesday.

He spoke more about how he first spotted the issue and how users can avoid falling for the scam.

“The first thing to note is that this is a valid, signed email – it really was sent from [email protected]. It passes the DKIM signature check, and Gmail displays it without any warnings,” he said.

Clicking the fraudulent link in the email took him to a ‘very convincing support portal page’. He then clicked ‘Upload additional documents’ and ‘View case’, and both links took him to ‘exact duplicates’ of the legitimate Google sign-in page.

Any excuse not to check your emails I suppose (getty stock)

“From there, presumably, they harvest your login credentials and use them to compromise your account; I haven’t gone further to check,” he explained.

So, if you spot any suspicious links that ask you to sign into your account, maybe avoid them unless you want your personal information harvested.

Malwarebytes also released four tips to stay safe, which include double-checking the email headers, not following any unsolicited links, verifying the legitimacy of emails and not using your Google account to sign in on other websites.
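What ‘double-checking the email headers’ can look like in practice for a DKIM-signed message, as an added example that is not code from the article or from Malwarebytes: a DKIM pass only shows the signed parts were not altered, so the check below also looks at who the message is addressed to and which server handed it over. The raw message, domain names and mailbox address are constructed assumptions.

```python
# Added example: header facts to weigh before trusting a DKIM pass. A valid
# signature survives replay, so look at the To: header and the final relay
# as well. The raw message below is constructed; none of it is real mail.
from email import message_from_string
from email.utils import parseaddr
import re

MY_ADDRESS = "me@example.net"   # assumption: the mailbox being protected

# Constructed sample: DKIM d= matches From, but To: names someone else and
# the hop closest to us is not the signer's own infrastructure.
SAMPLE = """Authentication-Results: mx.example.net; dkim=pass header.d=signer.example
Received: from relay.unrelated-host.example (relay.unrelated-host.example [192.0.2.10])
 by mx.example.net; Mon, 21 Apr 2025 10:00:00 +0000
Received: from mail.signer.example (mail.signer.example [198.51.100.5])
 by relay.unrelated-host.example; Mon, 21 Apr 2025 09:55:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=signer.example; s=sel; h=from:to:subject; bh=...; b=...
From: Notifications <no-reply@signer.example>
To: someone-else@forwarder.example
Subject: Action required on your account

Please review the attached case.
"""

def dkim_replay_indicators(raw: str, my_address: str = MY_ADDRESS) -> dict:
    """Extract the header facts a reader should check alongside the DKIM result."""
    msg = message_from_string(raw)
    auth = msg.get("Authentication-Results", "")
    dkim_pass = "dkim=pass" in auth
    sig = msg.get("DKIM-Signature", "")
    m = re.search(r"\bd=([^;\s]+)", sig)
    signing_domain = m.group(1).lower() if m else ""
    from_domain = parseaddr(msg.get("From", ""))[1].split("@")[-1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    # Received headers are prepended by each hop, so index 0 is the one closest to us.
    hops = msg.get_all("Received", [])
    last_hop = re.search(r"from\s+(\S+)", hops[0]).group(1).lower() if hops else ""
    return {
        "dkim_pass": dkim_pass,
        "signer_matches_from": bool(signing_domain) and signing_domain == from_domain,
        "addressed_to_me": to_addr == my_address.lower(),
        "last_hop_outside_signer": bool(last_hop) and not last_hop.endswith(signing_domain),
    }

def is_suspicious(raw: str, my_address: str = MY_ADDRESS) -> bool:
    """A passing signature plus a foreign To: or a foreign final relay is the replay pattern."""
    f = dkim_replay_indicators(raw, my_address)
    return f["dkim_pass"] and (not f["addressed_to_me"] or f["last_hop_outside_signer"])
```

A hit here is a reason to open the message’s ‘show original’ view and to avoid its links, not proof of fraud on its own, since legitimate forwarding can produce the same pattern.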

LADbible has contacted Google for a comment.
