How to Spot and Avoid the Latest Google Scam That Looks Completely Real
A new phishing scam is making the rounds, and it’s unusually convincing. The messages look like they come straight from Google – official logos, familiar layout, even a realistic login page. But if you click and enter your credentials, your account ends up in the hands of scammers. Reader’s Digest flagged this specific variant in late April 2026, and it’s already spreading widely.
Here’s what you need to know to protect yourself.
What the scam looks like
The scam typically arrives as an email or even a pop‑up inside Chrome. The subject line might say something like “Suspicious sign‑in attempt on your account” or “Your password has expired – update now.” The message includes a link to a page that looks exactly like Google’s sign‑in screen.
It can also appear as a fake account recovery notification, urging you to confirm or cancel a reset you never requested. The goal is simple: get you to type your email and password, and sometimes your two‑factor code, into a page the scammers control.
Why this one is dangerous
Phishing attacks are nothing new, but this variant is more polished than most. The typo‑ridden emails of the past are being replaced with nearly flawless copy and branding. Scammers also know that fear works – an alert about a suspicious login feels urgent, and many people act without checking carefully.
Once a scammer has your Google credentials, they can access Gmail, Google Drive, Google Photos, and any other service tied to that account. They can also use your email to reset passwords for other sites, making this a stepping stone to identity theft.
Red flags to watch for
Even a convincing scam has cracks. Look for these signs:
- The sender address. Official Google emails come from [email protected] or similar. Anything like [email protected] or [email protected] is fake.
- The URL in the link. Hover over the link before clicking. The real Google login page is https://accounts.google.com. Scammers use slight variations – accounts-google.com, google.account-security.com, etc.
- Urgency and threats. “Immediate action required” or “Your account will be suspended in 24 hours” are common emotional hooks. Google rarely uses that language in legitimate emails.
- Unsolicited password resets. If you receive a password reset email you didn’t request, ignore it – do not click the link. Verify by going directly to myaccount.google.com.
- Poor grammar or inconsistent styling. While many fakes are now well‑written, a few still slip up with odd phrasing or mismatched fonts.
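For readers who filter mail or links programmatically, the URL red flag above can be turned into a strict host check. This is an added example, not part of the original article or any Google tool; the function name, the allowlist and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Genuine hosts named in the article; exact-match allowlist (this example's assumption).
TRUSTED_HOSTS = {"accounts.google.com", "myaccount.google.com"}

def check_link(url):
    """Return (ok, reason) for a link that claims to lead to a Google sign-in page."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if parts.username is not None:
        # https://accounts.google.com@other.example/ really goes to other.example
        return False, "text before '@' is not the host; real host is %s" % parts.hostname
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    labels = host.split(".")
    if not host.isascii() or any(lab.startswith("xn--") for lab in labels):
        return False, "non-ASCII or punycode host (possible look-alike letters)"
    if host in TRUSTED_HOSTS:
        return True, "host matches allowlist"
    # Ownership is decided by the rightmost labels, not by a 'google' on the left.
    # Last-two-labels is a rough stand-in for a public-suffix lookup.
    owner = ".".join(labels[-2:])
    return False, "host %s belongs to %s" % (host, owner)

if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://accounts.google.com/signin",
        "https://accounts-google.com/signin",
        "https://google.account-security.com/login",
        "https://accounts.google.com@login.example/",
        "http://accounts.google.com/",
    ]
    for s in samples:
        print(s, "->", check_link(s))
```

The check compares the whole host name rather than searching for the word “google”, which is why both look‑alike addresses from the list above are rejected.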
What to do if you receive one
If you think you’ve spotted this scam, do not click any links or download any attachments. Here’s the safe response:
- Do not reply or engage. Delete the message immediately.
- Report it to Google. Forward the email as an attachment to [email protected]. If it’s a pop‑up in Chrome, note the URL and report it through Google’s Safe Browsing page.
- If you already clicked, do not enter any information. Close the page. If you did enter credentials, change your Google password right away from a trusted device. Then go to myaccount.google.com/security and check for recent activity. Sign out of all other sessions.
Securing your account for the long term
The best defence is two‑factor authentication (2FA). Even if your password is stolen, a second factor (like a code from your phone or a security key) blocks the attacker. Enable it in your Google account’s security settings.
Also review your recovery options – phone number and backup email – to make sure they’re correct and not something a scammer could have added. Finally, run Google’s Security Checkup; it’s a quick way to see if anything looks off.
Bottom line
This scam works because it looks real. The only reliable way to avoid it is to treat any unsolicited message that asks for your password – even if it appears to come from Google – as suspicious. When in doubt, navigate to Google’s website directly instead of clicking a link. A few extra seconds of caution can save you a lot of trouble.
Sources: Reporting from Reader’s Digest (April 30, 2026); Google’s official phishing guidance at support.google.com.