
Google Account Security Alert Phishing

Attack Trigger

Fabricated security alert implying unauthorized access to your Google account

What Attackers Want

Google account credentials and 2FA backup codes

How This Attack Works

Fake Google security emails claim a new device or suspicious login was detected and require you to verify your identity. The linked page mirrors the Google sign-in page exactly and harvests credentials along with recovery codes.

Red Flags to Watch For

  • Sender address does not end in @google.com or @accounts.google.com
  • Link hostname is not accounts.google.com
  • Email asks for your 2FA backup code via the linked page
  • Urgent language warning your account will be locked in 24 hours
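The four red flags above can be checked mechanically. The following is an added example, not code from the original page or from Glance: `red_flags`, the phrase patterns and the sample message are assumptions made for illustration, and it handles only single-part plain-text messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Values taken from the red-flag list above.
TRUSTED_SENDER_DOMAINS = {"google.com", "accounts.google.com"}
TRUSTED_LINK_HOST = "accounts.google.com"
# Assumed phrase patterns for this sketch; tune them for your own mail flow.
BACKUP_CODE = re.compile(r"\b(backup|recovery)\s+codes?\b", re.I)
URGENCY = re.compile(r"\b(locked|suspended|disabled)\b.{0,40}\b\d+\s*hours?\b", re.I | re.S)
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)


def red_flags(raw_email: str) -> list[str]:
    """Return which of the four red flags a single-part text email trips."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    flags = []
    # Exact match on the domain after the last "@": a substring test would
    # accept lookalikes that merely contain "google.com".
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() not in TRUSTED_SENDER_DOMAINS:
        flags.append("sender_domain")
    # urlsplit().hostname drops userinfo and port, so a URL of the form
    # https://accounts.google.com@other.example/ resolves to other.example.
    hosts = {urlsplit(u).hostname for u in URL.findall(body)}
    if any(h != TRUSTED_LINK_HOST for h in hosts):
        flags.append("link_host")
    if BACKUP_CODE.search(body):
        flags.append("backup_code_request")
    if URGENCY.search(body):
        flags.append("urgency")
    return flags


# Constructed sample message using reserved .example domains.
SAMPLE = (
    "From: Google Security <no-reply@accounts-google.example>\n"
    "Subject: Security alert: new sign-in\n"
    "\n"
    "A new device signed in. Verify your identity and enter a 2FA backup code at\n"
    "https://accounts.google.com@login.verify.example/signin\n"
    "or your account will be locked in 24 hours.\n"
)

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

The sample link places `accounts.google.com` in the userinfo part of the URL, which is why the check compares the parsed hostname rather than searching the link text.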

Known Malicious Domains

These domains have been associated with this attack. Never click links going to these addresses.

  • google-account-recovery.net (MALICIOUS)
  • gmail-security-alert.com (MALICIOUS)
  • accounts-google-verify.com (MALICIOUS)

Glance automatically blocks emails from domains on this list. The list is not exhaustive: attackers register new domains continuously.

How Glance Stops This

  • Domain similarity analysis catches lookalike sender addresses at millisecond speed
  • SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
  • VirusTotal + Google Safe Browsing checks every link in real time
  • Urgency language detection scores the email higher for manual review
  • Known malicious domain blocklist updated continuously from live scan data

Don't wait to get hit.

Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.
