#### Scam Details Unveiled
**Point 1**: Hackers exploited Google's infrastructure to send deceptive emails, tricking users into revealing login credentials by mimicking legitimate Google addresses and passing DKIM checks. [nypost.com, timesofindia.indiatimes.com]
**Point 2**: The phishing scam involved emails claiming users were served subpoenas, directing them to a counterfeit Google Support page to harvest credentials. [nypost.com, timesofindia.indiatimes.com, theepochtimes.com]

#### Google's Response and User Recommendations
**Point 1**: Google confirmed the attack, closed the loophole, and urged users to adopt two-factor authentication and passkeys for stronger protection against phishing. [nypost.com, timesofindia.indiatimes.com, theepochtimes.com]
**Point 2**: Google emphasized that it never asks for account credentials via email or phone and advised users to manually verify the authenticity of emails. [nypost.com, timesofindia.indiatimes.com, theepochtimes.com]

Google Battles Sophisticated Phishing Scam Targeting Gmail Users

Scam Details Unveiled

Google's Response and User Recommendations

Sources

New York Post

Right-Lean

Billions of Gmail users’ personal information at grave risk in ‘sophisticated’ phishing attack

The Times of India

Right-Lean

Google Gmail Update: Billions of Gmail users at Risk: Developer shares email that he says 'exploits vulnerability in Google’s infrastructure'; Google responds

The Epoch Times

Right-Lean

Google Responds to Report of Sophisticated Gmail Phishing Attack