Millions of email users across the UK are being urged to exercise extreme caution following a sharp rise in sophisticated scam emails targeting Gmail and Microsoft Outlook accounts. The fraudulent messages, which cybersecurity experts describe as 'startlingly real' in appearance, are designed to trick recipients into handing over sensitive personal information.
How the Convincing Scam Operates
The phishing campaign, highlighted in a viral TikTok warning on December 28, 2025, by shopping and thrifting expert Caroline (@caroline.shops), mimics official security alerts. The emails falsely claim that a login attempt has been made on the user's account from an unknown location or new device.
To appear legitimate, the messages often include convincing details such as a specific date, a geographical location, and even a fabricated IP address. The core of the scam is a link prompting the user to 'review recent login activity'. Caroline emphasised the danger, stating: 'As soon as you click on the link, the hackers can get into your device. They can get into your information, your data, they could even get into your bank account.'
How to Protect Yourself and Verify Activity
The crucial advice from security professionals is to never click on links within unsolicited security alerts. Instead, if you receive a suspicious email, you should independently navigate to your account's security settings.
For both Gmail and Outlook users, this means manually going to the privacy or security section of your email account to check the official log of recent login attempts. Checking there lets you confirm whether the reported login actually happened without following any link in the suspicious email.
Public Reaction and Ongoing Vigilance
The warning shared by Caroline resonated widely on social media, with many users in the comments confirming they had received similar emails. While some noted that this type of phishing attempt is not new, the heightened realism of current versions has caught many off guard.
One commenter advised: 'I always go into my actual account to see, and I do change my password for extra security.' Another reiterated a fundamental rule: 'This is nothing new. It has been happening forever, so always check the sender's email address carefully.' The consensus is clear: constant vigilance and verifying information directly through official channels remain the best defence against these increasingly sophisticated cyber threats.