How Gmail phishing emails bypass the filters and how to spot them

Oct 19, 2021
Email, Gmail

Although email spam is something that we are faced with every day, it should still be taken very seriously. There is no hard-and-fast law against spam, and most prominent spammers only get caught for wire fraud or other financial crimes and not spam emails. The only real solution is spam filters.

While Gmail has quite advanced spam filters, it is not perfect. Now and then, spammers find a way through the filters and get the chance to distribute their phishing emails. As a Gmail client, you should know how to identify and handle these emails when they get through the filters.

This is also becoming more and more difficult as spammers get more advanced in their phishing techniques. Some of the latest Gmail phishing is so advanced that they even appear to be from legitimate domains, and even the code of the email is disguised to make it appear legitimate and bypass the Gmail filters.

How do these spammers get past the Gmail filters?

The goal of phishing emails is to collect your data. These could be email addresses that the spammers can then sell, credit card information, personal information for identity theft, and even links distributing malware and ransomware. Gmail adapts its filters frequently and quickly once they identify these threats. However, it is difficult to track down the source as these spammers never use the same email account for longer than a week.

In the last few weeks, there has been a notable increase in spam that bypassed the Gmail filter, according to Sergio De Los Santos, the Director of Innovation and Laboratory in Cybersecurity at Telefonica Digital. These latest phishing attacks appear as emails related to packages that are waiting to be delivered.

The email header of these phishing emails will show something like: ‘Received: from (’. This makes it appear as if the email originated from a legitimate domain. These domains can point to real businesses such as Microsoft, Netflix, and more to appear legitimate.

Upon inspection, these domains were all created fairly recently. All contain a mailing list signup with a single form field, a unsubscribe button and cleverly encourages you to submit an application and not enter your email address. This way, they all look real. However, by interacting with any of these options, you are either signaling to the spammer that your email address is live. Or giving them more information (including your email address) by completing the ‘application’ as these forms collect email addresses even if you do not enter one.

In the body of the email, they always include information that appears legitimate. The text is usually in English and will contain purchase confirmations or password reminders; however, this is usually hidden in the HTML code (Base64 code). This code is arranged in a way so that the reader doesn’t see it. Still, it’s enough to trick Gmail’s filters.

The Base64 code is completely useless other than to trick the Gmail filters. So what is it that readers will actually see in the body of the email? What we see when opening the phishing email is a png file. This png file is repeated on various websites and looks very similar to each other.

Once you click on the email, you will be directed to a very clever bot. This bot will interact with you in your local language and advise that you have a package at their offices. They will even supply you with an image and other details to make it convincing. They will go on to tell you that the delivery address is not clear. They will request that you provide the correct information and pay the shipping fees. And just like that, they have you.

How to identify a Gmail phishing email example?

There are a few different ways that you can identify potential phishing emails. The first thing you want to look at is the address of the email received. In some cases, it can be quite easy to spot a spam or phishing email as the sender’s address might not match the business they are attempting to impersonate. However, the email address appears to come from a legitimate domain in some of these more recent attacks.

Gmail phishing email example with a link and the ‘from’ account is suspicious

Another Gmail phishing email example is an email that includes a link or a button for you to click on that redirects you to a suspicious page. How do you know it’s suspicious? Look at the address in the link. In many cases, the address won’t be the legitimate domain of the company being impersonated.

Gmail phishing email example where the ‘Reply To’ account is suspicious. Email also contains potential phishing buttons

If you receive an email regarding a package, like the current attacks that are going around, you may find it a challenge to see if the email is a phishing attempt. However, if you haven’t ordered any packages and know that no one has sent you any, you have reason to be suspicious. If you have some coding knowledge, you can look at the HTML of the email to see if the Base64 code matches the content in the body of the email. Alternatively, you can contact the company listed in the email directly, not using any contact details from within the email, and inquire with them directly.

How to report phishing Gmail attempts?

Although Gmail’s filters are quite advanced when it comes to blocking spam and phishing attacks, spammers evolve and are always looking for ways to bypass the filters. Like the recent surge where spammers fool the filters by making it appear as if the emails originate from a specific domain and get creative with the Base64 code. The best way for Google to adapt is to adjust the filters to accommodate these new threats. Google can only do this if the problem is flagged. This is why it’s so important to report phishing emails as quickly as possible.

If you report phishing, Gmail can start working on rules to block these types of harmful emails. Google has also made it very simple to report any emails that you find suspicious, and you can do so directly within your Gmail account. You simply open the suspicious email from your Gmail inbox. Next, you click on the three vertical dots to open more options. In the drop-down list, choose to report the message as phishing.

Report phishing emails in Gmail

Closing words

Phishing emails have been around for as long as emails have existed. The best defense is Gmail’s filters and being aware of how to identify potential phishing attacks. If you see any suspicious emails, make sure to report them so that Google can start working on solutions to block these attempts. The latest attacks appear to be from legitimate domains, and even the email body seems real. They also come with the premise of a package that is at their office and needs to be delivered to you. Be careful, and make 100% sure that the email is real before giving away any of your details.

More about Gmail:

What does archive mean in Gmail?

What are the best Chrome extensions for Gmail?

How Gmail phishing emails bypass the filters and how to spot them
Article Name
How Gmail phishing emails bypass the filters and how to spot them
The latest Gmail phishing emails that are bypassing the filters disguise their Base64 code and more to trick the email client.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. JMGG said on January 19, 2012 at 8:25 am

    You said that Outlook isn’t your main email client, so which is your main one?

    1. BalaC said on January 19, 2012 at 9:42 am

      I think its thunderbird

    2. Martin Brinkmann said on January 19, 2012 at 10:15 am

      It is Mozilla Thunderbird.

  2. Salaam said on September 24, 2012 at 9:52 pm

    Awesome! This actually solved my problem… what a stupid bug.

  3. Claud said on December 19, 2012 at 2:08 am

    If this is the same bug that I’ve encountered, there may be another fix: (1) hover over open Outlook item in Taskbar, cursor up to hover over Outlook window item, and right-click; (2) this should give you Restore / Move / Size / Minimize / Maximize — choose Move or Size; (3) use your cursor keys, going arbitrarily N/S/E/W, to try to move or size the Outlook window back into view. Basically, the app behaves as though it were open in a 0x0 window, or at a location that’s offscreen, and this will frequently work to resize and/or move the window. Don’t forget to close while resized/moved, so that Outlook remembers the size/position for next time.

    1. Lynda said on February 12, 2013 at 3:37 pm

      THANK YOU Claude!!! I could get the main window to launch but could not get any other message window to show on the desktop. You are my hero!!!!

    2. Chad said on November 20, 2018 at 4:24 pm

      Solved my issue! 6 years later and this is still problem…

    3. Ivan X said on January 21, 2021 at 4:50 pm

      Fantastic. Thank you. Size did the trick.

  4. Andrew said on October 26, 2013 at 7:06 am

    This solved my Outlook problem, too. Thank you. :)

  5. Charles said on December 7, 2013 at 7:23 pm

    Thank you so much, this started happening to me today and was causing big problems. You are a life saver, I hope I can help you in some way some day.

  6. garth said on November 7, 2014 at 7:13 pm

    You are a god – thank you!

  7. Faisal said on February 9, 2015 at 10:09 am

    thanks a lot…. work like charm.. :-)

  8. Simon said on March 24, 2015 at 11:36 pm

    Yah…thanks Claude. I’ve been having the same problem and tried all the suggestions…your solution was the answer. It had resized itself to a 0/0 box. Cheers

  9. Olu said on April 14, 2015 at 1:35 pm

    Excellent post. This had me baffled even trying to accurately describe the problem. This fixed it for me.
    Thank you

  10. Coenig said on July 23, 2015 at 7:36 am

    Thanks a lot for the article. Don’t know why it happenend, don’t know how it got fixed, but it was really annoying and now it works :-)

  11. Fali said on January 20, 2016 at 4:19 pm

    Thanks a lot. I was facing this issue from past 3 week. I tried everything but no resolution. The issue was happening intermittently and mainly when I was changing the display of screen ( as i use 2 monitors). The only option i had was to do system restore. But thanks to you.

    1. MIki said on January 10, 2019 at 11:54 am

      I’ve been tried to sole this problem for 12hours. Your comment about changing the display of screen helped me a lot!! Thanks!!

  12. Christina said on January 20, 2016 at 6:14 pm

    Thank you…don’t know why this happened but your instructions helped me fix it. Running Windows 10 and office pro 2007

  13. Oz said on July 22, 2016 at 3:20 pm

    Great tip! Thanks!

  14. Tracy said on September 1, 2016 at 4:48 pm

    Worked for me, too – thank you!!!

  15. shawn said on September 9, 2016 at 10:25 am

    It’s Worked for me, too
    thank you very much!

  16. Jari said on October 31, 2016 at 11:53 am

    I had a similar issue with Outlook 2013 on Windows 10 and this helped me to fix it. Thank you very much!

  17. Michel H said on November 30, 2016 at 11:08 pm

    Thank you so much. Solved!
    Considering you published this in 2012, incredible not been debugged by Microsoft.
    Thank you again. M

  18. Ziad Bitar said on January 9, 2017 at 2:00 am

    This problem was faced by only one user logging to TS 2008 r2 using outlook 2010.The issue was resolved.


  19. Anonymous said on February 15, 2017 at 5:24 pm

    Great tip. Thank you!!!! If it helps, I had to use the Control Key and the arrow keys at the same time to bring my window back into view. Worked like a charm.

  20. Rochelle said on March 6, 2017 at 11:59 am

    Thank you, this worked !!!!

  21. anom1234 said on May 20, 2018 at 11:20 pm

    Man, you are a fucking god. Thanks a lot, what an annoying bug!!

  22. JC said on October 12, 2020 at 2:14 pm

    Awesome, this post solved the issue. Many thanks!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.