Scammers have been taking advantage of a recent Google update that allows users to change their email address while retaining the old one as an alias, as reported by cybersecurity experts cited in the Daily Mail.
Introduced earlier this month, the new feature permits users to establish a fresh Gmail address without losing access to their existing emails, files, or connected services. However, security analysts warn that cybercriminals are leveraging this update to launch phishing attacks aimed at deceiving users into revealing their account credentials.
In recent weeks, fraudulent emails have been circulating, claiming that the recipient’s Gmail address has been altered or necessitates security verification. These emails seem authentic as they are sent from seemingly legitimate Google addresses, including [email protected]. Recipients are coerced into confirming a new address or authenticating their accounts, often under the guise of potential suspension or loss of access.
The hyperlinks embedded in these deceptive emails redirect users to counterfeit websites hosted on sites.google.com, closely resembling Google’s official login and security pages. If users input their information, attackers can potentially gain access not only to Gmail but also to associated Google services like Drive, Photos, Calendar, and third-party apps connected through Google sign-ins, according to the Daily Mail report.
Cybersecurity professionals highlight that phishing emails associated with this scam exhibit warning signals, such as generic salutations, urgent language pushing for immediate action, and requests for password input through email links. These strategies are devised to bypass user caution by creating a sense of urgency.
In February 2026, cybersecurity researcher Jeremiah Fowler revealed a database containing 149 million compromised credentials discovered online. Gmail led the pack with an estimated 48 million exposed credentials, followed by Facebook, Instagram, Yahoo Mail, Netflix, and Outlook, in addition to accounts linked with services like iCloud, .edu, OnlyFans, TikTok, and Binance.
