The reported attack uses Google account recovery request systems and hidden formatting tricks to make phishing emails look more trustworthy. Meanwhile, Coinbase, Microsoft, and Europol have taken action against large-scale phishing networks linked to millions of malicious emails each month.
Google Email Phishing Scam Targets Crypto Users
Crypto users are being warned about a phishing campaign that disguises malicious emails as legitimate Google security notifications. The scam reportedly abuses real Google account recovery systems to send messages that look trustworthy at first glance, which increases the chances that users will interact with them.
The emails often use phrases like “recovery contact request” or “review request,” which creates the impression that the message is part of a genuine Google security process.
The danger lies in how convincing these emails can appear. Unlike traditional phishing attempts that often contain obvious spelling mistakes or suspicious sender addresses, these messages may appear to come through real Google systems. Attackers are also using formatting tricks inside the email itself.
Large blank spaces or hidden formatting can push malicious links far below the visible part of the message. This allows the top section to resemble a normal security alert while concealing harmful content further down.
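A mail-filter heuristic for the padding trick described above, as an added example that is not part of the original article: it counts line-break elements between the last visible text and each link, and flags links that follow a long blank gap. The tag set, the 15-line threshold and the sample message are assumptions constructed for illustration; the article does not specify the exact markup the attackers use.

```python
from html.parser import HTMLParser

# Assumption: each of these tags contributes roughly one rendered line break.
BREAK_TAGS = {"br", "p", "div", "tr"}
ZERO_WIDTH = "\u200b\u200c\u200d\ufeff"  # invisible characters used as filler


class PaddedLinkFinder(HTMLParser):
    """Records every link with the count of blank lines that precede it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.gap = 0      # line breaks seen since the last visible text
        self.links = []   # (href, gap_before_link)

    def handle_starttag(self, tag, attrs):
        if tag in BREAK_TAGS:
            self.gap += 1
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append((href, self.gap))

    def handle_data(self, data):
        # Whitespace, &nbsp; and zero-width characters do not count as content.
        if any(not ch.isspace() and ch not in ZERO_WIDTH for ch in data):
            self.gap = 0


def find_padded_links(html, min_gap=15):
    """Return (href, gap) for links pushed down by at least min_gap blank lines."""
    parser = PaddedLinkFinder()
    parser.feed(html)
    parser.close()
    return [(href, gap) for href, gap in parser.links if gap >= min_gap]


# Constructed sample: a normal-looking alert, 40 filler lines, then a second link.
SAMPLE = (
    "<p>Recovery contact request</p>"
    '<p><a href="https://accounts.example/review">Review request</a></p>'
    + "<br>&nbsp;" * 40
    + '<div><a href="https://login.example.invalid/verify">Verify now</a></div>'
)

if __name__ == "__main__":
    for href, gap in find_padded_links(SAMPLE):
        print(f"link after {gap} blank lines: {href}")
```

A hit is a reason to quarantine or review the message, not proof of phishing, since long newsletters can also contain widely spaced links.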
For crypto users, the consequences of falling for these scams can be severe. A fake login page can capture passwords, session cookies, or two-factor authentication codes. Once attackers gain access to an exchange account or wallet interface, funds can potentially be transferred within minutes. Because cryptocurrency transactions are generally irreversible, victims often have little chance of recovering stolen assets after an account compromise.
There has been an increase in phishing and online fraud targeting the crypto industry. Binance recently stated that its systems blocked 22.9 million phishing and scam attempts during the first quarter of 2026. According to the exchange, these security measures helped protect almost $2 billion in user funds.
At the same time, developers across the blockchain industry are trying to improve wallet security. Ethereum’s ERC-7730 Clear Signing standard is one example: its goal is to make transaction approvals easier for users to understand before they authorize potentially dangerous requests.
Authorities and major technology firms are also intensifying their efforts against organized phishing networks. Earlier reports revealed that Coinbase, Microsoft, and Europol participated in operations targeting the Tycoon 2FA phishing network, which was allegedly responsible for distributing millions of phishing emails every month.
Security experts and Google itself are encouraging users to avoid interacting with suspicious links sent through email. Instead, users should manually open their Google account settings, exchange applications, or wallet platforms directly through official websites or apps to verify any alerts.