Email purporting to be from webmail provider Gmail claims that recipients must click a link to verify their accounts and update information or risk having the accounts permanently deleted.
The message is not from Gmail and the claim that users will lose their accounts if they do not verify their information is a lie. The email is a phishing scam designed to steal login information for Gmail and other webmail accounts as well as trick victims into divulging their phone numbers to Internet criminals.
Dear Gmail User,
As part of our security measures, we regularly update all accounts on our database system. We are
unable to update your email account and therefore we will be closing your email accounts to enable the
You have been sent this invitation because our records indicate you are currently a user whose account
has not been activated. We are therefore you sending this email so you can inform us whether you still
want to use this account. If you are still interested please confirm your account by updating your details
immediately because out system requires an account verification for the update.
To prevent an interruption with your Gmail services, please take a few moments to update your account
by filling out the verification and update form immediately.
Click here to verify your account
Warning! Any account owner that refuses to update their account after receiving this email will lose their account
We appreciate your cooperation in this matter.
Gmail Member Services Team
© 2012 Gmail Inc. All Rights Reserved.
According to this email, which purports to be from Google’s webmail service, Gmail, account holders are required to update their account details by clicking a link and filling in a verification form. Otherwise, claims the message, the users will find that their Gmail accounts are permanently deleted. The message comes complete with a Gmail logo and copyright notice.
However, the email is certainly not from Gmail. And users will not lose their accounts if they fail to follow the link and update their details. Users who fall for the ruse and click the link will be taken to the following bogus Gmail login page, which has been constructed so that it closely emulates a real Gmail page:
After providing their login details, victims will be then taken to another bogus page that asks them to provide their phone numbers:
Next, victims will be taken to yet another bogus page and asked to provide login details for any alternative email addresses they may have:
After providing all the requested details, users will be automatically redirected to the real Gmail website. Alas, all of the information they have provided will end up in the hands of online criminals who will use it to hijack the real webmail accounts. belonging to their victims. The compromised accounts can then be used to launch more spam and scam campaigns in the name of the victims. The scammers may also use the stolen phone numbers for further nefarious activities.
Email account phishing attacks like this one are very common and take many forms. Be very wary of any unsolicited email that claims that you must follow a link or reply to provide login information and other personal information. Legitimate email service providers will not ask users to provide such information via a generic email message.
If you receive such a message, do not click on any links or open any attachments that it may contain. Do not reply to the message. Always login to your online email service by entering the account address into your browser’s address bar rather than by clicking a link in an email.