FBI Alerts Gmail, Outlook, Apple Mail Users: Verify Three Elements to Thwart Assaults

FBI Alerts Gmail, Outlook, Apple Mail Users: Verify Three Elements to Thwart Assaults

It's the time of year for vigilance—especially when it comes to the escalating number of attacks on Gmail, Outlook, Apple Mail, and other email users. So, it comes as no surprise that the FBI has launched a new campaign, advising people on how to stay safe. The only dangerous character you should encounter this holiday season, according to the bureau, is the Deceptive Elf.

“Fraudsters,” the FBI warns, “frequently offer unbelievable deals through phishing emails or advertisements. Such scams might offer brand-name merchandise at unheard-of prices, offer gift cards as incentives, or offer products at an unbeatable price, but the product you receive is not what you ordered.”

Their advice boils down to three crucial things to check before clicking on an unsolicited email: examine the sender's email address; scrutinize any URL before clicking on it; and verify the spelling and grammar of the email, along with the URL.

We've witnessed a spike in phishing and fraudulent websites during this holiday season, with all threats on the rise. Aided by AI, it's now easier for hackers to create convincing emails and websites, mimicking logos and product images, even polishing their copy to make it more convincing and enticing with fewer mistakes.

The best strategy remains to disregard marketing emails—especially during the holiday season, when most of these offers turn out to be scams, frauds, or worse. If you find an attractive offer, navigating to it through the website directly or using a search engine is a safer approach. However, be aware of SEO poisoning as well. It's a dangerous online world, and caution is essential.

The FBI's advice on phishing attacks remains the same:

• “Remember, companies rarely ask for your username or password.
• Never click on anything in an unsolicited email or text message. Look up the company's phone number on your own (don't use the one the potential scammer provides), and contact the company to verify the request's legitimacy.
• Carefully examine the email address, URL, and spelling used in any correspondence. Fraudsters use tiny differences to deceive your eye and gain your trust.
• Be cautious about what you download. Never open an email attachment from someone you don't know and be wary of email attachments forwarded to you.
• Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
• Be cautious about the information you share online or on social media. By openly sharing details like pet names, schools you attended, family members, and your birthday, you can provide a scammer with all the information they need to guess your password or answer your security questions.”

Google's Gmail team has also issued advice, warning that “since mid-November, we've seen a significant surge in email traffic compared to previous months, making protecting inboxes an even greater challenge than usual.” The team claims that “99.9% of spam, phishing, and malware in Gmail is blocked for the platform's over 2.5 billion users.” While security has improved, the company has issued its own advice for users:

• “Slow down. Scams are often designed to create a sense of urgency, using words like ‘urgent, immediate, deactivate, unauthorized’ etc. Take time to ask questions and think things through.
• Verify. Do your research to double-check the details of an email. Does it make sense? Can you validate the email address of the sender?
• Pause. No reputable person or agency will ever demand payment or your personal information on the spot.
• Report. If you spot something suspicious, mark it as spam. You'll be helping to clean up your Inbox and aiding in the protection of billions of other users.”

Yesterday, one such email attack made news headlines, with The Daily Dot reporting that “a tech expert is warning his followers to be on the lookout for the latest Apple email scam.” Scott Polderman warns other users that “due to its unexpected nature, this scam is working particularly well for hackers, and it poses a significant threat to those less tech-savvy.” This aspect is crucial—while those reading this article might be aware of such attacks, the majority of users remain unaware and vulnerable.

In his TikTok video, Polderman demonstrates an email supposedly from Apple, offering instructions on how to secure your account. The email's format closely resembles an Apple original, leading users to believe it could be an email from the company, instructing them to check their settings. The email includes even the fine print commonly found at the end of legitimate Apple emails. However, as the FBI advises, checking the sender's actual email address quickly reveals the scam. “This shows me it is not from Apple.com.” This should always be your first step in investigating the email's authenticity. Click on the name, which is commonly displayed in your email app, and check the full email address that follows.

Swindlers are cunning and will come up with phrases that could resemble an email address from a legitimate business, but it will be complicated and will not originate from the authentic domain. Though it's possible to imitate even this, it's rarely done. Most widespread scam attempts can be identified with this basic check. It's crucial to never consider any email as legitimate until this fundamental check has been conducted.

However, be cautious—while this is a straightforward indicative sign of phishing, more sophisticated attacks find ways around it. And that includes taking control of actual email addresses, thus making the scam harder to identify. But if the email claims to be from a renowned brand like Google, Apple, or Facebook, their fundamental email domain will not have been hijacked.

To verify, I examined the last 25 phishing emails I received, and each of them failed this test, albeit the disguise and graphics are now extremely challenging to discern according to the FBI's AI warning. Swindlers are becoming more adept at deceiving email users, something as obvious as the Apple logo and typography in Polderman's video proves. And AI plays a significant role in making everything appear and feel more genuine. You cannot rely on a single test for certainty. Therefore, the advice to avoid clicking links or opening attachments in any of your emails remains.

Yet, telltale signs still exist. However, all indications for 2025 warn that threats will grow increasingly sophisticated as AI tools continue to advance. In its published 2025 cybersecurity predictions, McAfee focuses on this risk, highlighting the “emerging threats consumers may encounter as cybercriminals exploit advanced AI technology.” From hyper-realistic deepfakes and live video scams to AI-driven phishing, smishing, and malware attacks, these predictions reveal how cybercriminals are utilizing AI-powered tools to create increasingly sophisticated and customized cyber scams.

The security firm outlines its AI-focused predictions below—but the entire report is worth reading. Being mindful of these threats can only be beneficial as we move towards 2025.

• The application of AI to create "highly realistic fake videos or audio recordings that mimic authentic content from real people," echoing the FBI's similar warning. "As deepfake technology becomes more accessible and affordable," McAfee states, "even those with no prior experience can produce convincing content with easy-to-use AI tools and accessible tutorials. Scammers are finding it simpler than ever to manipulate trust and deceive people."
• Again, echoing the FBI's own warnings, McAfee highlights AI providing cybercriminals with the ability to easily create more personalized and convincing emails and messages that appear to be from trusted sources, such as banks, employers, or even family members. Not only can they create these scams swiftly and with precision, but they make them more difficult to detect and increase their success rate. As AI tools become more readily available, these types of attacks are expected to grow in sophistication and frequency.
• And beyond visual tricks, AI is now driving the malware threat. Criminals are utilizing AI-powered tools to create smarter, more adaptive malware that can amplify its effectiveness. For example, advanced tools like OCR (Optical Character Recognition) technology—which can recognize and digitize the text in images or documents—can now extract sensitive information, such as cryptocurrency wallet keys, directly from screenshots or documents. As AI capabilities grow, so does the sophistication of these threats, making them more effective and dangerous.

The encouraging news is that AI can also be employed by the good guys. We have now seen development releases from Microsoft and Google demonstrating that AI is being incorporated into Edge and Chrome to use their own tools to detect threats that people are unlikely to uncover on their own. An instance of this would be scrutinizing a website against the brand it represents or discerning signals that suggest a hazard, such as requesting specific kinds of financial or sensitive personal information.

What is still lacking, however, is the same level of detection being fully implemented on-device emails. Although billions of emails are detected and blocked by platforms, too many still slip through the net. It remains wondrous to discover how obvious phishing emails with telltale signs still make it to an inbox while some legitimate emails fail to arrive. AI can remedy this—and hopefully, that will happen soon. Advanced on-device AI capabilities make this possible while protecting user privacy.

To sum up, the FBI's most straightforward message continues to be its best: "If it seems too good to be true, that's because it probably is."

1. The FBI's warning against web shopping scams during the holiday season emphasizes the importance of checking the sender's email address, scrutinizing URLs, and verifying the spelling and grammar of emails to avoid phishing attacks. This advice applies not only to Gmail but also to Outlook and other email platforms, as fraudsters often use these platforms to send deceptive emails.
2. The FBI's warning against holiday shopping scams also extends to Outlook users. As noted in their advice, companies rarely ask for your username or password, and clicking on anything in an unsolicited email can lead to phishing attacks. Outlook users should be vigilant and follow the FBI's tips to avoid falling victim to these scams.
3. The FBI's warning about holiday shopping scams is applicable to all email users, including those using Outlook and Gmail. The existence of a phishing or fraudulent warning from the FBI highlights the escalating number of attacks on various email platforms, including Gmail and Outlook. Therefore, users of these platforms should remain cautious and follow the FBI's advice to protect themselves from such scams.

Read also: