See that email in the featured image of this post? It's junk. Several developers have received this and rightfully felt very nervous, but it is simply a scheme to get you to turn over your Google credentials to scammers. It isn't the cleverest phishing expedition we've ever seen, but it certainly is better than most. First of all, it is not filled with the kind of typographical and grammatical errors you often see. Also, the biggest giveaway of what is going on is obscured when viewing from Gmail.
The sender of this email is "[email protected]" Gooogle. Most people will notice that misspelling, but only if they see it. Look at the screenshot again. In the default Gmail view, you do not see this part of the email address. This moreso than anything else gives the email a sense of legitimacy.
When you click the link to the Developer Console, we're told, you are brought to a page that looks a great deal like the standard Google account sign-in. So the sender's identity is rather hidden, the email content is well-written and specific enough, and the subject matter gets the recipient nervous enough that they may fail to look closely at the details that tell you you're being tricked.
If you do get this email, it would be a good idea to report it to Google as spam/phishing. Also, don't follow the links! Here's the full screencap:
Google has acknowledged this problem by sending out a warning about the scam.
This afternoon, Google sent out an email to everyone who has a developer account warning them about this phishing scheme. Here's a screenshot:
- Tommie Podzemski