Everyone with a Gmail account is 'at risk' - billions told to follow 4 important rules

Everyone with a Gmail account needs to be on high alert when checking their daily batch of emails. It was recently reported that an "extremely sophisticated" new scam was landing in some inboxes that could put them at risk of online fraud. Now, security experts at Malwarebytes are warning that "all Gmail users are at risk from clever replay attack."
It's definitely not a warning anyone should ignore, as falling for the trick could give scammers full access to accounts and highly personal data.
The new attack - which was first spotted by Nick Johnson, a lead developer of the Ethereum Name Service - uses a clever tactic to make it appear that it's been sent from a real Google account. This means it not only looks official but is also able to avoid highly effective spam filters.
Johnson says an email arrived from Google suggesting a legal subpoena had been issued and access to his account was needed. It may sound far-fetched, but the scam looked real because the email addresses and domain names appeared to be actual Google accounts.
"The first thing to note is that this is a valid, signed email - it really was sent from [email protected]. It passes the DKIM signature check, and GMail displays it without any warnings," Johnson explained.
The only reason tech-savvy Johnson spotted that something was wrong is that the official page should have been hosted on accounts.google.com. Instead, it appeared on sites.google.com.
The difference is that anyone with a Google account can create a website on sites.google.com. And that is exactly what the cybercriminals did.
Google says it is addressing the issue with an update that should stop attacks like this from happening in the future.
"We're aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week," a Google spokesperson told Newsweek.
However, although security is being tightened, now is not a good time to let your guard down, and it's vital to stay alert.
To help email users avoid this new scam, Malwarebytes has released some top tips to help stay safe.
These include:
• Don’t follow links in unsolicited emails or on unexpected websites
• Carefully look at the email headers when you receive an unexpected mail
• Verify the legitimacy of such emails through another, independent method
• Don’t use your Google account (or Facebook for that matter) to log in at other sites and services. Instead create an account on the service itself.
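As an added illustration (not code from the article, Malwarebytes or Google), the Python example below applies the header and link checks to a constructed message. It shows that a DKIM pass only names the signing domain, so the host of each link still has to be compared with accounts.google.com. The sample message, its addresses and the function names are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Hosts taken from the article: the genuine sign-in host, and the host
# where anyone with a Google account can publish a page.
SIGN_IN_HOSTS = {"accounts.google.com"}
USER_CONTENT_HOSTS = {"sites.google.com"}

# Constructed sample message; sender, receiver and URL path are placeholders.
SAMPLE = """\
From: Google <placeholder@google.com>
To: user@example.org
Subject: Security alert
Authentication-Results: mx.example.org; dkim=pass header.d=google.com
Content-Type: text/plain

A subpoena was served requiring access to your account.
Review the case: https://sites.google.com/view/constructed-example
"""

def dkim_result(msg):
    """Return (result, signing_domain) from the Authentication-Results header."""
    header = str(msg.get("Authentication-Results", ""))
    m = re.search(r"\bdkim=(\w+)(?:[^;]*?\bheader\.d=([\w.-]+))?", header)
    return (m.group(1).lower(), m.group(2)) if m else ("none", None)

def link_hosts(msg):
    """Return the lowercased host of every http(s) link in the message body."""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    return [urlsplit(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", text)]

def review(raw):
    """Summarise what the signature proves and where the links really go."""
    msg = message_from_string(raw, policy=default)
    result, domain = dkim_result(msg)
    hosts = link_hosts(msg)
    known = SIGN_IN_HOSTS | USER_CONTENT_HOSTS
    return {
        "dkim": result,          # a pass says who signed, not where links lead
        "signed_by": domain,
        "user_content_links": [h for h in hosts if h in USER_CONTENT_HOSTS],
        "other_links": [h for h in hosts if h not in known],
    }

if __name__ == "__main__":
    print(review(SAMPLE))
```

A message that reports `dkim: pass` yet has a non-empty `user_content_links` list matches the pattern Johnson described and should be verified through another channel.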
So, be warned when checking your email account and don't be fooled.
Daily Mirror