
Google changes Gmail—and criminals rejoice

Google is planning something that many people have wanted for a long time: the ability to change your @gmail.com address after you've created it. It sounds practical, but it's a goldmine for fraudsters. Even before Google has officially announced the new feature, security researchers are sounding the alarm. The reason: there is already a wave of deceptively genuine phishing emails that exploit this very desire.

The security company Check Point Research discovered the first fraudulent emails at the end of December 2025 and warns that attackers are using Google's own infrastructure to make their emails look like genuine Google messages. Because the messages carry @google.com sender addresses, they easily bypass many spam filters.

"Please confirm your new address" – and just like that, the account is gone.

At first glance, the fake emails appear completely legitimate: sometimes you are asked to confirm your identity, sometimes you are asked to activate your new address. Anyone who clicks on the link is taken to a professionally designed phishing site. There, of course, your Google password is stolen. And in many cases, that is the digital master key.

After all, anyone who has access to a Gmail account can use it to access almost anything—online banking, cloud storage, social networks, photos, contacts, confidential data. Independent IT expert Jeremiah Fowler sums it up: "Gmail accounts are the key to our digital lives."

 

Lack of communication makes it easy for fraudsters

An additional risk factor: Google has not yet officially explained the new feature. So far there is only a support document in Hindi. This creates uncertainty and an information vacuum that criminals mercilessly exploit. Users who do not know how to change their address are much more susceptible to fake instructions.

According to experts, the rule is quite simple:

  • Google does not send emails with direct links to change your email address.
  • Changes can only be made via the Google account settings under "Personal information."

So if you receive an email with "Change address here" or "Confirm now" – stay away!

 

We say quite clearly:

When even IT professionals fall for phishing emails in droves, something is clearly wrong. Anyone introducing a central function such as changing the Gmail address must inform users clearly and extensively in advance – not quietly and secretly in a document that no one knows about. Otherwise, users become victims, and practical tools become gateways for attacks. Digitalization requires not only features, but also responsibility—especially from those who provide the infrastructure.

 

Source: chip.de
