With an active userbase of over 1.8 billion, Google's Gmail is one of the most popular e-mail services globally on all platforms including Android, iOS, Windows and macOS.
It attracts a lot of attention from bad actors looking to prey on naive users. To combat such cyber threats, Google has increased its security over the years. But it looks like more effort is needed.
In the latest instance, hackers have managed to come up with a new sophisticated technique that can bypass Google's DomainKeys Identified Mail (DKIM) authentication security.
Nick Johnson, a lead developer of the Ethereum Name Service (ENS), took to X to reveal the devious plan of the scamsters. He recently received an email from Google with an ID 'no-reply@accounts.google.com'. It came with a message that Google LLC had received a subpoena, a court order to submit Johnson's content stored in his Google account to the law enforcement agency. If Johnson wanted to reject this notice, he could fill out a form by clicking on the URL link provided in the email.
The content in the email looked very legitimate; it had a DKIM signature check and an authentic Gmail display headline. The URL took the user to sites.google.com. Even this looked benign, and many people would have trusted this webpage, as it has google.com, and given away their Gmail ID and password.
However, eagle-eyed Johnson was able to tell that 'sites.google.com' is not an official Google domain, but a well-crafted data harvesting portal.
Gmail users are advised to tread cautiously whenever they receive an email from any company, even Google, with a request to submit personal details.
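The pattern described above (a message that passes DKIM but links to a page on sites.google.com) can be checked for during mail triage. The following Python sketch is an added example, not code from the report or from Google; the sample message is constructed, and the `USER_CONTENT_HOSTS` list and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: hosts whose pages are built by arbitrary users, so a link there
# says nothing about who runs the page. Extend for your own environment.
USER_CONTENT_HOSTS = {"sites.google.com"}

# Constructed sample message (not the real email from the report).
SAMPLE = """\
From: Google <no-reply@accounts.google.com>
To: user@example.com
Subject: Security alert
Authentication-Results: mx.example.com; dkim=pass header.i=@accounts.google.com
Content-Type: text/plain

A subpoena was served on Google LLC. To object, visit
https://sites.google.com/view/placeholder-case-portal
"""

def triage(raw):
    """Return (dkim_passed, flagged_links) for one raw message."""
    msg = message_from_string(raw)
    # Assumption: this header was added by your own receiving mail server.
    results = " ".join(msg.get_all("Authentication-Results", []))
    dkim_passed = re.search(r"\bdkim=pass\b", results, re.I) is not None
    # Collect the text of every non-multipart part of the message.
    body = "\n".join(str(p.get_payload()) for p in msg.walk()
                     if not p.is_multipart())
    flagged = []
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlsplit(url).hostname or "").lower()
        if host in USER_CONTENT_HOSTS:
            flagged.append(url)
    return dkim_passed, flagged

def verdict(raw):
    """Summarise the triage result as a short string for an analyst."""
    dkim_passed, flagged = triage(raw)
    if not flagged:
        return "no user-content links found"
    # A valid signature shows who signed the message, not who runs the page.
    suffix = " despite dkim=pass" if dkim_passed else ""
    return "review: link to user-created page" + suffix

if __name__ == "__main__":
    print(verdict(SAMPLE))
```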
Tips on how to safeguard yourself from such trojan apps online:
1) Always ignore and delete emails from unknown senders
2) Even if the email is from a person with a familiar name or a popular company known to you, read it carefully. Cyber crooks use lucrative offers as bait, such as cash prizes or job offers with high CTC, and tell you to click on a URL link or a PDF to get more information. Do not press any link or download any file.
3) Never share online account details such as Gmail IDs, bank customer IDs and passwords on messenger apps or over email with anybody
4) Never install apps from third-party app stores or links marketed on social media platforms. Always download apps from Google Play or Apple App Store, or Microsoft Windows Store
5) It is a good practice to install an anti-virus application from well-known publishers on your device
6) Always update your device to the latest version to protect yourself from new emerging cyber threats