A new phishing scam is making the rounds, with cybercriminals impersonating Google to trick users into surrendering personal information under the guise of a legal subpoena. The scam, dubbed the “Google Subpoena Scam,” uses fear and urgency to manipulate victims into clicking malicious links and revealing sensitive data.
Users report receiving emails that appear to come from [email protected], bearing alarming subject lines such as “Security Alert” or “Notice of Subpoena.” These messages falsely claim that Google has received a legal request demanding access to the recipient’s account information—including emails, search history, and documents—and urge users to click a link to view the so-called case materials.
The links typically redirect to a fraudulent website hosted on Google Sites that closely mimics an official Google Assistant page. Once on the site, users are prompted to take actions that compromise their security.
What makes this scam particularly dangerous is its ability to bypass standard email security checks. Scammers are exploiting DomainKeys Identified Mail (DKIM)—a widely used email authentication method that verifies whether messages originate from legitimate domains. By intercepting and replaying genuine Google emails with valid DKIM signatures, attackers can evade filters and appear authentic. This tactic allows them to slip past common protections like SPF, DKIM, and DMARC.
Cybersecurity experts warn users to be on high alert. Recommended precautions include enabling two-factor authentication (2FA), using robust spam filters, and avoiding unexpected emails that request urgent action. Always verify legal claims through official Google support channels, and regularly review your account settings for unusual activity.
If you believe you’ve received a suspicious email, report it immediately through Google’s phishing report tools to help prevent further exploitation.
