Cybercriminals are using a sophisticated phishing scam that mimics official Google communications. These emails claim that
Google received a subpoena to access your account and appear to come from no-reply@accounts.google.com —a legitimate Google address. See the example below:
⚠️ What Makes This Scam Convincing?
- The email includes a Google Account ID, support ticket number, and a link that looks like it leads to a Google support page.
- The link actually redirects to a Google Sites page — not an official support page.
- If you're not logged in, it prompts you to sign in through a real Google login page, adding to the illusion.
🧠 How the Attack Works
- Scammers register a domain and set up a Google Workspace account.
- They create a fake app using Google OAuth and embed phishing text in the app name.
- Google sends a security alert from its official domain — but the message is crafted by the scammers.
- The email is forwarded to victims, tricking them into clicking malicious links or downloading harmful files.
🛡️ How to Protect Yourself
- Stay calm if you receive alarming emails. Panic can cloud judgment.
- Check the email headers — especially the "To" and "Mailed-by" fields. Look for suspicious domains or typos. For example, the "Mailed-by" field below does not actually come from Google.
- Avoid clicking links in unsolicited emails, even if they appear to be from Google.
- Be cautious of pages hosted on sites.google.com — scammers often use this to bypass security filters.
- Use a trusted security solution to detect and block phishing attempts.
If you require further information, please contact the IT HelpCentre (Tel: 2766 5900, WhatsApp/ WeChat: 6577 9669) or reach out to us via the IT Online ServiceDesk.
