Cybercrime Southeast Europe Newsletter No. 93

by admin | Mar 20, 2026 | NSSPV, Unions Market and others | 0 comments

New Gmail Scam Spreading Across the Region – Fake Security Check Steals All Data

We would like to warn you about a new, highly sophisticated scam targeting Gmail users, which has already been detected across the Balkan region.

This scam is based on a fake Google security check that appears completely legitimate at first glance, but is in fact designed to collect sensitive user data.

The attack typically begins with a phishing email, SMS message, or pop-up notification informing the user that their account requires urgent security verification. These messages are carefully crafted to resemble official communication, creating a sense of urgency and trust.

Users are then redirected to a fake website that imitates Google, where they are guided through a process that appears to be a standard account protection procedure. In reality, this process results in the compromise of their data.

Particularly concerning is the use of so-called PWA (Progressive Web App) technology, which, once installed, can hide browser indicators and create the impression that the user is interacting with a legitimate Google application.

During this process, users may unknowingly grant access to:

contacts stored on their device
real-time location data
clipboard contents
verification (2FA) codes

In some cases, additional malicious software may be installed, including keyloggers that capture keystrokes and allow attackers to obtain passwords and other sensitive information.

An additional layer of risk comes from the use of artificial intelligence, which enables attackers to generate convincing phone calls, impersonate technical support, and combine multiple communication channels to increase the success rate of the attack.

Given that Gmail often serves as the central hub of a user’s digital identity, unauthorized access to such an account can lead to further compromise of banking applications, social media accounts, and business platforms.

Conclusion
This scam represents one of the more sophisticated forms of cyberattacks in recent times, combining advanced technology with psychological manipulation. Particular caution is advised in situations involving urgent requests, installation of additional tools, or the submission of personal data through links from unknown sources.

A simple rule applies: no legitimate security check will ever require installing an application via an unknown link or sharing sensitive data outside official platforms.

Your DefendMe Team

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cybercrime Southeast Europe Newsletter No. 93

Submit a Comment Cancel reply