No more shameful email addresses, Gmail finally allows you to change your nickname. But be careful, scammers use it to better attack their victims.
Are you ashamed of your Gmail address, created without much thought, based on a slightly ridiculous nickname or an outdated nickname? To all “lolodu77”, “s3xyb0y” and other “alexBG2104”: know that it is technically possible to modify an existing Gmail address, while continuing to receive emails and notifications intended for it in the same inbox. No need to put it away in the closet to create another electronic mailbox, Google suggests changing the username, while keeping the @gmail.com domain at the end. A good opportunity to improve your image and look good, particularly professionally, when looking for a job or approaching clients without being part of a company.
But since this configuration option is often unknown, it is also exploited by malicious actors. This is often the case when a new feature is put online: Internet users do not know how to access it, and criminals take advantage of this to send false activation guides.
It was cybersecurity experts from CheckPoint Research who discovered this vast phishing campaign, which exploits a Google Cloud flaw. The hackers thus usurped Google’s identity on a massive scale, notably via the legitimate address noreply-application-integration@google.com. Clearly, the scammers did not hack Google. They used an official tool designed to send automatic emails, and used it to send their messages from real Google domains. The result: the emails looked authentic, and spam filters didn’t block them.
In these, we find a link to “activate your new address”. But it is obviously a fake, which will be used to steal your login credentials and oust you from your own email address. Because of course, a Gmail account is today an invaluable access key for hackers: it is used to easily connect anywhere, which makes it a gateway to almost all your personal data, from saved passwords to private photos, including your social networks or even your banking details.
To avoid being fooled while still enjoying the real novelty, it is worth remembering that Google will never send a direct link to modify your address. The official procedure is done manually: it is already accessible to certain users, and “deployed gradually” to all addresses, as specified on the firm’s support page. So go to myaccount.google.com, “Personal information” section, then click on your email address. If the option is available to you, an “Edit” button will appear. You can correct your email address up to three times in total, once a year, and returning to the original address remains possible at any time. But remember to back up your data, as this change may impact the connection on certain devices such as Chromebooks.
