Gmail scams are through the roof, so… lookie, but definitely no touchie!

What's the first rule of the internet? We don't click things here and there! We definitely do not click random links. The second rule is the same, so I'll just skip to the third rule: when we get an email, we always pay attention to the sender: is the other side contacting us from a legit email? Or does it sound fishy?

Needless to say, in 2025 you have to be extra careful, as, apparently, cybercriminals are increasingly targeting Gmail users with sophisticated phishing attacks. Many of these scam attempts are now executed with the help of AI. Gee, "thanks"!

Phishing tactics have advanced beyond basic email scams; bad actors now use social engineering methods to manipulate users into handing over credentials. Since a compromised Gmail account grants access to a range of Google services and sensitive data, scammers and hackers are fond of the platform.

According to the latest Hoxhunt Phishing Trends report, phishing attacks that are designed to bypass security filters have increased by 49% since 2022. Attackers can now create highly convincing scams for as little as $5, which only goes to show why such scams are through the roof, so to speak.

Malicious links in emails, though, remain the primary tool, appearing in 70% of phishing campaigns.

Adrianus Warmenhoven from Nord Security notes that preparing an attack takes minimal effort, with some tools capable of cloning trusted websites in seconds. There's a thing called the Open Graph Spoofing Toolkit, a malicious tool available on underground forums, and it further compounds the problem.

This toolkit manipulates metadata to make phishing links appear legitimate, tricking users into clicking harmful URLs. It allows attackers to customize link previews, integrate with domain management services, and even modify redirection settings in real time, making detection and prevention more difficult.

To mitigate risks, the FBI urges users to avoid clicking links in undemanded emails or messages. Regularly monitoring account activity, using a password manager, and enabling URL matching can provide additional layers of protection. Hint: the keyword here is "can", so don't rely entirely on these things. Above all, be precautious.

Google also advises Gmail users to be extra careful with unknown emails, avoid downloading suspicious files, and never respond to unsolicited requests for personal information. If in doubt, users should verify account security by directly accessing Google's official site rather than clicking on links within emails.