Google issues security warning for Gmail users: do not click on links

Updated: Apr 21st, 2025

Google has issued an important warning to all Gmail users about a new and sophisticated phishing scam that closely mimics legitimate emails to bypass security checks and trick users into revealing their account credentials, according to reports.

While Google has acknowledged the threat and is actively working on protective measures, the company urges users to remain vigilant — especially when interacting with emails that appear to come from trusted sources like Gmail.

The scam came to light when software developer Nick Johnson posted on X (formerly Twitter) about receiving a suspicious email from the address “no-reply@gmailgoogle.com”. Although the email seemed legitimate, it included a link that led to a fake Google Support page — actually a phishing site hosted on Google’s own platform, sites.google.com.

What made the scam particularly convincing was that the email passed Google’s own security checks, including DomainKeys Identified Mail (DKIM), making it appear authentic.

Clicking the link redirected users to a cloned Google sign-in page hosted on a Google subdomain. If credentials were entered, attackers would gain full access to the user’s Gmail account and associated data.
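The combination described above (a DKIM pass alongside a link to a page on sites.google.com) can be checked during mail triage. The following is an added example, not code from Google or from the original report; the sample messages, the `mx.example.net` receiver name and the `triage` function are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Hosts where any account holder can publish a page (the one named in the article).
USER_CONTENT_HOSTS = {"sites.google.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def triage(raw_message: str) -> dict:
    """Report the DKIM verdict and any links to user-published hosts."""
    msg = message_from_string(raw_message)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    verdict = re.search(r"\bdkim=(\w+)", auth, re.I)
    dkim = verdict.group(1).lower() if verdict else "none"
    # Collect text from every text/* part so multipart mail is covered too.
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", errors="replace")
        for part in msg.walk()
        if part.get_content_maintype() == "text"
    )
    hosts = {(urlsplit(u).hostname or "").rstrip(".") for u in URL_RE.findall(body)}
    flagged = sorted(hosts & USER_CONTENT_HOSTS)
    # A DKIM pass authenticates the signing domain only; it says nothing about
    # where the links in the body lead, so it must not clear a flagged link.
    return {"dkim": dkim, "flagged_hosts": flagged,
            "suspicious": bool(flagged) or dkim != "pass"}

# Constructed sample: passes DKIM, yet links to a user-published page.
PHISH = """\
Authentication-Results: mx.example.net; dkim=pass
From: no-reply@gmailgoogle.com
Subject: Security alert
Content-Type: text/plain

Review your case: https://sites.google.com/view/constructed-placeholder
"""

# Constructed sample: passes DKIM and links nowhere user-published.
BENIGN = """\
Authentication-Results: mx.example.net; dkim=pass
From: sender@example.com
Subject: Notes
Content-Type: text/plain

Agenda: https://example.com/agenda
"""

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(BENIGN))
```

Both samples carry the same DKIM verdict; only the link destination separates them, which is why the authentication result alone is not a sufficient signal.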

In a statement, Google said, “We are rolling out protections to stop this specific threat and expect the issue to be resolved shortly.”

The tech giant also encouraged users to enable two-step verification and adopt passkeys to enhance account security.

Until the fix is fully deployed, Gmail users are advised not to click on links in unexpected security alerts, and instead verify suspicious emails by logging in directly via the official Google website.
