There is a phishing scam going around right now. This time it’s targeting Google Play developers. A lot of developers on r/android have posted this same email, and basically it looks like it’s legitimately from Google, but it is not. If you look at the email it’s from ‘firstname.lastname@example.org’. Looks pretty legit right? Oh wait, there’s an extra “o” in the word Google there. So nope, it’s not legit. And this is not an email address affiliated with Google. Basically the goal of this email is to get you to turn over your Google Play credentials. I feel that this needs to be said here, no company will ever ask you for your username and password. Why? Why should they? If they really need to get into your account, they can do so without using your credentials. If the person legit works for that specific company, then there is a way for them to get into your account if it’s needed, without asking for your information. Never give out your password.
I also feel we need to brush up on our Phishing vs Spam emails. Basically, Phishing is when someone is attempting to get info from you. Like your Social Security number, phone number, address, username and password, etc., while spam is just emails that you don’t want to deal with. It’s also important to note that you should never give out information like passwords or social security numbers through email, as it’s not safe.
This phishing email is actually one of the better ones I’ve seen in recent memory, as the grammar is mostly correct. It’s also very descriptive. Most people would just say “your app” this one actually fills in the name of the app. But when you get an email like this, it’s always a good idea to check out the sender’s name. And make sure there are no typos. Some may change the “o” in Google to zeros to get past you.
If you do get this email, don’t even open it, just report it to Google as spam or phishing, and go on about your business. Definitely do not click on any of the links, and if you do, go and change your password immediately.