New Gmail Phishing Scam Targets Canadians with Fake Legal Subpoena Emails
A sophisticated phishing scam is circulating among Gmail users in Canada, using deceptive emails that appear to come from a legitimate Google address. The emails claim a legal subpoena has been issued and instruct recipients to review case details via a fake sign-in page.
The scam—referred to as a “replay attack”—is crafted to look like an official Google security alert. It typically includes a case reference number, account ID, and links to a Google Sites page, urging users to “review case materials” or “submit a protest.”
What makes this attack particularly dangerous is that the email appears to be sent from no-reply@google.com and passes standard email verification checks. As a result, it can slip past spam filters and appear genuine to unsuspecting users.
Clicking the link leads victims to a counterfeit website that mimics Google’s login page. Entering credentials on this fake site could expose usernames, passwords, and other sensitive data to cybercriminals.
The Canadian Anti-Fraud Centre (CAFC) has issued a warning about the scam, advising the public not to click on links in unsolicited messages and to block suspicious senders. These phishing attacks are commonly used to steal login credentials, banking details, and Social Insurance Numbers.
Anyone who believes they’ve been targeted or affected by the scam should report it to their local police or contact the CAFC at 1-888-495-8501.
