Lauren WeinsteinMay 22, 2025

***** How Google Supports Dangerous Phishing Email Attacks *****

#Google #Gmail has become one of the largest sources of dangerous phishing attacks: Emails claiming fake charges, relating to PayPal, Norton, Bitcoin, and many other products and services. They are flooding non-Gmail email services and coming directly from Google email servers.

The whole point of these is to get the recipient to call a provided phone number to have the "charge" removed. Of course for these phishes there was no actual charge -- but the "customer service" folks will ask for financial information and/or try convince busy, nontechie users to download software that gives the phishers control of their systems for even more pervasive attacks.

GOOGLE COULD EASILY STOP THESE, BUT THEY REFUSE TO DO SO!

These phishes have characteristics that Google could easily use to identify them and block them from being sent, especially to non-Gmail destinations. But Google refuses to act, putting vast numbers of email recipients at risk every day.

When all they seem to care about anymore is their misinformation-spewing generative AI, I suppose it's not surprising that Google seems to be just letting Gmail turn into a dangerous nightmare for the rest of the Net.

Google's old motto, "Don't Be Evil", is just a memory.

L

Show threadAndrew 🌻 Brandt 🐇May 22, 2025
@lauren What evidence do you have that they "refuse" to take action? That seems pretty egregious.
Show threadShannon ClarkMay 22, 2025

@threatresearch @lauren I get a half dozen or so spam emails a day in gmail that are not filtered out by gmail’s spam filters and have for years and around 80% of the spam are from random character gmail addresses with a different “name” than the gmail address and sent to a random group of email addresses with very similar spam text.

I have reported these as spam every single time and for years (like a decade or more) gmail still does not flag them as spam.

Every. Single. Day.

Show threadAndrew 🌻 Brandt 🐇May 23, 2025
@Rycaut @lauren While I don't doubt that's happening, and I concur that must be frustrating and exasperating to deal with, that is not what I was asking for, which is evidence that Google refuses to address spam.
Show threadLauren Weinstein
@threatresearch @Rycaut Having worked inside Google, and having a pretty good sense of how the related internal systems operate, I'd simply say that Google's approach to spam is -- in my opinion -- highly selective. That's all I'll say here.
May 23, 2025 at 4:54pmWeb
Show threadKevin Karhan May 23, 2025

@lauren @threatresearch @Rycaut yeah...

#Google knows that #Gmail / #GoogleMail is "#TooBigToBlock" re: #Spam so they don't give a shit (in my experience)!

Show threadLauren WeinsteinMay 23, 2025
@kkarhan @threatresearch @Rycaut It's more complicated than that but I am comfortable calling out Google for the current flood of dangerous phishing attacks spewing from Gmail to non-Gmail platforms.
Show threadKevin Karhan May 23, 2025
@lauren @threatresearch @Rycaut yeah...