All Gmail users given 'red alert' as Google rushes to stop new sophisticated 'attack'

If you use Gmail, you might want to keep your eyes peeled, because a a “red alert” warning has just been issued over a disturbingly clever phishing attack that even Google’s own systems have been struggling to stop.

The tech giant has confirmed it’s dealing with an “extremely sophisticated attack” that looks so convincing, it’s able to sneak past Gmail’s usual filters and land straight in your inbox. And that’s exactly what makes it so dangerous.

Developer Nick Johnson was among the first to sound the alarm after receiving one of the fake emails, sharing a screenshot on X (formerly Twitter). The message claimed a legal subpoena had been issued for him, and that his Google account data was being requested.

The disturbing part was that it appeared to come from a completely legitimate source.

Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got: pic.twitter.com/tScmxj3um6

— nick.eth (@nicksdjohnson) April 16, 2025

Johnson wrote in his X thread: “The first thing to note is that this is a valid, signed email – it really was sent from [email protected]”.

“It passes the DKIM signature check, and Gmail displays it without any warnings – it even puts it in the same conversation as other, legitimate security alerts.”

That’s where the scam gets particularly concerning. Since it uses what looks like a verified Google domain, Gmail’s filters don’t flag it. Instead, it arrives in your main inbox, blending in with real alerts from Google.

Inside the email is a link that leads to a fake, but incredibly realistic-looking, Google sign-in page. If you’re unlucky enough to enter your credentials, you’re essentially handing over your account and personal data to cybercriminals.

This is exactly why Google has sounded the alarm and is now racing to roll out a fix. The company confirmed the attack comes from a threat actor known as Rockfoils, and it's already started pushing new protections to stop it.

A Google spokesperson told Newsweek: “We're aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week”.

“These protections will soon be fully deployed, which will shut down this avenue for abuse.”

Art of a cybercriminal (Farion_O/Getty Images)

No timeline has been given for when the fix will be complete, so until then, Gmail users are being urged to stay on high alert. Double-check every email, especially ones that seem to come from Google, and never click links unless you’re 100% sure they’re legit.

The warning follows another recent cyber threat aimed at WhatsApp users, where scam messages were tricking people into handing over verification codes that could give attackers access to accounts — and even banking details.

Altogether, scams are getting smart enough that we can’t even 100% trust our most trusted tech companies to stop them right away. In the meantime, it’s up to us to stay vigilant.

• Google issues warning to billions of Gmail users amid dangerous new scam
• Google Chrome users urged to clear browsing data immediately amid 'red alert' warning
• Google warn 2,500,000,000 users to stop using their passwords immediately
• Important alert urges all Chrome users to restart their browser immediately