Crypto users are warning about phishing emails that appear to come through real Google account systems.
Summary
- Hackers use real Google account alerts to make crypto phishing emails appear safer than normal.
- Exchange and DeFi users face hidden links that can steal passwords, sessions or wallet access.
- crypto.news reports show phishing, AI scams and social engineering remain major crypto security risks.
The reported attack uses recovery contact request emails, then places a malicious link inside the request details.
The method is risky because the visible sender may look more trusted than a normal scam email. Reported screenshots used wording such as “recovery contact request” and “review request,” but users should treat those prompts as unverified until they check inside their own account.
Hidden links target exchange and wallet access
The reported phishing emails use spacing tricks to push harmful content far below the visible part of the message. The top of the email can look like a normal Google security notice, while the dangerous link appears lower in the message.
For crypto users, the main risk is account takeover. A fake login page can steal passwords, session data or two-factor prompts. If attackers gain access to an exchange account or wallet approval flow, they may move funds quickly.
Additionally, recent crypto.news coverage shows why the warning matters. Binance said its systems stopped 22.9 million scam and phishing attempts in Q1 2026, up 54% from the previous quarter. The exchange said the controls protected about $1.98 billion in user funds.
crypto.news also reported that Ethereum’s ERC-7730 Clear Signing standard aims to make wallet approvals easier to read. The push came as phishing and approval scams continued to outpace many protocol-level hacks.
The wider threat remains active. crypto.news reported that Coinbase, Microsoft and Europol helped dismantle the Tycoon 2FA phishing network, which Europol said had generated tens of millions of phishing emails each month.
Users urged to verify requests manually
Google’s account help page advises users to check recent security events from their Google Account instead of trusting suspicious email prompts. Google also says users should review unfamiliar devices and turn on 2-Step Verification to reduce account takeover risk.
Google also warns that fake security emails may ask for passwords or personal data. Its guidance says users should go to their Google Account security page and review recent activity there, rather than clicking unfamiliar links in an email.
Crypto holders should follow the same rule with exchanges and wallets. They should open the official app or website directly, check account alerts there, and avoid typing seed phrases into any page. Google also says it never asks for passwords or verification codes over email, phone call or message.
