Android developers with apps on Google Play have been receiving fake emails notifying them of violating Google’s terms of service.
The email tells developers that their apps will be removed from the Google Play Store and their accounts terminated. It then advises developers to click a link inside the email, which opens a fake developer console, and enter their username and password – thus leaving their account vulnerable.
Google has sent an email to developers warning them of the scam and providing some links in case their accounts have been compromised.
Google’s letter reads:
“We are aware that some Google Play developers have received policy warnings from a fake Google account. The subject lines of the fraudulent emails include variations of “3-Day Notification of Google Play Developer Term Violation.” If you received an email with this subject line, please mark it as phishing and proceed to delete it without clicking on any links contained within it. Find out more about recognizing phishing emails here:https://support.google.com/accounts/answer/75061.
If you use Gmail, please report all phishing attempts by following these instructions: https://support.google.com/accounts/answer/75061.
As a general reminder, you should only enter your Google account password on the official Google sign-in page: https://accounts.google.com/. Also note that the official URL for the Google Play Developer Console is https://play.google.com/apps/publish/.
If you believe your account has been compromised, please follow these instructions: https://support.google.com/mail/answer/50270.”
These scam emails should be pretty easy to spot. Nevertheless, it’s appears to be the first time phishing attempts have targeted Google’s developer accounts in this manner. Perhaps the scammers are trying to take advantage of the fact Google has been fairly ban-happy in the past when it comes to ToS violations. So much so, there was a petition launched by developers last month over the issue.