Spoofed Gmail and SMTP Scam

Simple Mail Transfer Protocol (SMTP) is a standard method that servers use to send emails. Many times, companies use these to send out marketing emails. Gmail is a popular service that companies use to send out mass emails. Cybercriminals have recently found a flaw and vulnerability in the Gmail service.

Since the cybercriminals have found this vulnerability, they can spoof any company that uses it. If the company uses Gmail for marketing emails, cybercriminals can send out phishing emails from a malicious domain and disguise by using the legitimate domain. Since the email is through Gmail, it looks trustworthy and will probably pass-through security filters.  


  • If you need to verify if an email is legitimate or not, reach out to the person directly.
  • Never click or download an email attachment you were expecting.
  • This type of attack isn’t just Gmail related. It can be for other services and even if it looks like a legitimate sender, always remain cautious.

Learn more tips like this and train your employees with our Security Awareness Training Program.