If you use much of anything Google, by now you’ve likely gotten at least one email from Google noting various privacy-related changes. They typically have the Subject:
Improvements to our Privacy Policy and Privacy Controls
and tend to arrive not from the expected simple “google.com” domain, but often from unusual-appearing Google subdomains, for example with addresses like:
privacy-noreply@www3.l.google.com
The notice also includes a bunch of links to various relevant privacy pages and/or systems at Google.
All of this is in advance of the effective date for the European Union’s “GDPR” laws. If you’re not familiar with the GDPR, it’s basically the latest hypocritical move by the EU on their relentless march toward dictating the control of personal data globally and to further their demands to become a global censorship czar — with the ability to demand the deletion of any search engine results around the world that they find inconvenient. Joseph Stalin would heartily approve.
One can assume that Google’s privacy team has been putting in yeoman’s service to meet the EU’s dictatorial demands, and it’s logical that Google decided to make other changes in their privacy ecosystem at the same time, and now is informing users about those changes.
Unfortunately, phishing crooks are apparently already taking advantage of this situation — in particular several aspects of these Google notification emails.
First, the legitimate Google privacy emails going out recently and currently are a veritable flood. It appears that Google is sending these out to virtually every email address ever associated with any Google account since perhaps the dawn of time. I’ve already received approximately 1.3E9 of them. OK, not really that many, but it FEELS like that many.
Some of these are coming in to addresses that I don’t even recognize. This morning one showed up to such a strange address that I had to go digging in my alias databases to figure out what it actually was. It turned out to be so ancient that cobwebs flew out of my screen at me when I accessed its database entry.
Seriously, these are one hell of a lot of emails, and the fact that they may come from somewhat unusual looking google subdomains plus include links has made them fodder for the crooks.
You can guess what’s happening. Phishing and other criminal types are sending out fraudulent emails that superficially appear to be the same as these legit Google privacy policy notification emails. Of course, some or all of the links in the phishing emails lead not to Google but to various evil traps and personal data stealing tricks.
So please, be extraordinarily careful when you receive what appear to be these privacy notices from Google. With so many real ones going out — with multiples often ending up at the same individual via various redirects and forwarding addresses — it’s easy for fake versions to slip in among the real ones, and clicking on the links in the crooked ones or opening attachments that they include can seriously ruin your day, to say the very least.
Take care, all.
–Lauren–