A phishing campaign is targeting cryptocurrency users with emails that impersonate legitimate Google security alerts, leveraging Google account recovery wording such as "recovery contact request" and "review request" to create urgency. Reporting indicates the messages can appear to arrive through genuine Google systems rather than obviously suspicious senders, increasing their credibility. Attackers also use oversized blank space and hidden formatting in the email body to push malicious links below the initially visible content, helping them evade casual inspection. Linked landing pages are designed to harvest passwords, session cookies, and two-factor authentication codes, enabling rapid takeover of exchange accounts and wallets. Binance reported blocking 22.9 million phishing and scam attempts in Q1 2026, indicating the broader scale of activity into which this campaign fits. Gmail users, particularly those holding crypto assets, should treat unsolicited Google security or account-recovery emails with caution and verify any alerts directly in account settings.
// Alert
Gmail threat report
// GmailMEDIUM
// Get alerts for Gmail