tl;dr

Overview of the Scam

A new phishing campaign is circulating that targets Google Account users with fake notifications about “completed documents.” The email uses the subject line:

Subject: All Parties Have Completed the Envelope

The body of the email is extremely minimal. It contains a short message asserting that all parties have “completed the envelope” and invites you to click a “View documents” link.

There is no context, no sender information, and no legitimate branding, which are all classic signs of a phishing attempt.

What Happens If You Click the Link

Clicking the “View documents” button triggers a two-step deception carefully designed to appear more trustworthy than a typical phishing page.

1. A Fake Image CAPTCHA Appears

Instead of taking you straight to a phishing form, the link loads a fake CAPTCHA pop-up and asks you to “verify you are human.”

This is purely theatre.

By adding a CAPTCHA screen, even a bogus one, the attackers increase the chance that victims will proceed without questioning the site’s legitimacy.

2. A Counterfeit Google Login Page Loads

After the fake CAPTCHA, you are redirected to what appears to be a Google Account sign-in screen.

The design, colours, and layout closely mimic Google’s real login page. However:

• The URL is not a Google domain.

• The page is on a website controlled by criminals.

• Any credentials entered go directly to scammers.

What the Scammers Do with Stolen Credentials

If you enter your Google email and password, attackers can:

• Hijack your Google Account

• Access Gmail, Drive, Photos, Contacts, and any stored personal documents

• Read your emails and search history

• Send phishing messages under your identity

• Reset login credentials for other linked accounts

• Steal sensitive personal or business information

• Commit identity theft

• Target your contacts with further scams

Because many people use Google to store entire digital lives, the consequences can be severe.

Why This Scam Works

This attack is effective for several reasons:

It mimics real document-signing notifications

People are used to receiving automated messages from DocuSign, Adobe Sign, and other e-signature platforms. The casual, administrative style of the message is typical of such services.

The fake CAPTCHA creates a false sense of legitimacy

Victims think:

“If scammers wanted my login, why would they bother with a captcha?”

That moment of misplaced confidence is precisely what the criminals rely on.

The fake Google login looks authentic

Many phishing kits copy Google’s interface pixel-for-pixel, leaving the URL as the main tell-tale sign.

How to Protect Yourself

1. Check URLs carefully

Google will never ask you to log in to anything other than:

• https://accounts.google.com/

• https://myaccount.google.com/

Anything else is suspicious.

2. Don’t trust document notifications you weren’t expecting

If you’re unsure, contact the sender directly using known contact details. Don’t use contact details listed in the email itself.

3. Enable 2-Step Verification

Even if scammers obtain your password, they cannot log in without your second authentication factor.

4. Report phishing

If you are using Gmail, you can use the “Report phishing” option to help block similar attacks. (In the top-right corner of the email, click the three vertical dots to access the “Report phishing” option).

Alternatively, you can report a phishing website via Google’s Safe Browsing webpage.

What to Do If You Have Already Entered Your Details

If you think you may have submitted your Google login on a fake page:

1. Immediately go to https://myaccount.google.com/

2. Change your password

3. Enable 2-Step Verification

4. Check the “Security Activity” section for suspicious logins

5. Review account recovery options to ensure they haven’t been altered

6. Consider notifying contacts to watch for scam emails that appear to come from your account.

A screenshot of the scam email:

Share Hoax-Slayer

Leave a comment