Google Warns 1.8 Billion Gmail Users: Sophisticated Phishing Attack Targets Accounts


05/09/2025 12:17:51 AM

 Google has issued an urgent alert to all Gmail users after a highly advanced phishing campaign targeted 1.8 billion accounts. The attack, first exposed by Ethereum developer Nick Johnson on April 16, exploited a vulnerability in Google’s infrastructure that remains unpatched, raising fears of repeat incidents.

 Johnson received a fake email disguised as a Google security notice, claiming his account was under legal subpoena and urging him to grant access. The email, sent from a legitimate Google address and passing DKIM signature verification, appeared in the same thread as genuine alerts. “It looked exactly like a real warning,” Johnson said. The only red flag? A phishing link hosted on “sites.google.com” instead of the official “accounts.google.com” domain.

 Clicking the link led to a convincing Google "support portal" that mimicked login pages. Johnson halted the process before entering his credentials, but warned: “If you type your password, hackers can take over your account instantly—even bypassing two-factor authentication.”

 Google confirmed the attack, blaming "specific threat actors" and urging users to enable passkeys—a safer login method tied to physical devices. A spokesperson stated: “We never ask for passwords, codes, or personal info via email. If you see such requests, it’s a scam.”

 The hackers used Google Sites to build fake pages, relying on the “google.com” domain to trick users. Johnson stressed that passkeys offer stronger protection than passwords alone, as hackers can’t remotely use stolen device-bound keys.
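 The distinction described above (a “google.com” name alone proves nothing; the sign-in host must be exactly “accounts.google.com”) can be checked mechanically. The following is an added example, not code from the article or from Google; the host sets, function names and sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the one host accepted as a Google sign-in page.
SIGN_IN_HOSTS = {"accounts.google.com"}
# Hosts under google.com that serve user-built pages (the article names this one).
USER_CONTENT_HOSTS = {"sites.google.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def classify_link(url):
    """Classify a link by its exact hostname, never by substring match."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return "external"
    if host in SIGN_IN_HOSTS:
        return "sign-in"
    if host in USER_CONTENT_HOSTS:
        return "user-content"  # google.com name, but anyone can publish here
    if host == "google.com" or host.endswith(".google.com"):
        return "other-google"
    return "external"


def links_to_distrust(body):
    """Return (url, verdict) for every link that is not the real sign-in host."""
    found = [u.rstrip(".,)") for u in URL_RE.findall(body)]
    verdicts = [(u, classify_link(u)) for u in found]
    return [(u, v) for u, v in verdicts if v != "sign-in"]


# Constructed sample message; every URL below is made up for illustration.
SAMPLE_BODY = """Security alert: a subpoena was served on your account.
Review the case: https://sites.google.com/view/constructed-example
Sign in: https://accounts.google.com/signin
Inbox: https://mail.google.com/mail/
Help: https://support.example/article.
"""

if __name__ == "__main__":
    for url, verdict in links_to_distrust(SAMPLE_BODY):
        print(f"{verdict:13} {url}")
```

 A mail filter or reporting tool could use the verdicts to warn whenever a message that asks the reader to sign in links anywhere other than the sign-in host.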

 Google has updated its security guides, teaching users to spot fake emails—often marked by generic greetings, urgent demands, or requests to click links for payments or updates. The company also clarified that official legal requests would come via direct email unless legally restricted.

 For now, users are advised to manually type URLs instead of clicking email links and to report suspicious messages immediately. As Johnson put it: “Assume every login page is fake until proven real.”

 —Reported with inputs from Daily Mail.


    Copyright © 2012-Now Shusheng Technology, All Rights Reserved.
