A new scam targeting Gmail and Microsoft Outlook users has been described as “startlingly real”, with experts warning people to remain vigilant when checking their emails. The sophisticated phishing attempt could inadvertently grant hackers access to sensitive personal information and financial data.

Since most people use their email accounts for everything from social media and online shopping to banking, compromised access could allow cybercriminals to discover passwords to numerous important websites – potentially leading to financial theft.

Caroline, a shopping and thrifting expert on TikTok, has shared a detailed warning about the scam, explaining that it appears as a legitimate email encouraging recipients to click on a link – which should be avoided at all costs.

She explained that the fraudulent email mimics the standard security notification you might receive when logging into your account from a new device, alerting you to a login attempt in case it wasn’t authorised.

However, this deceptive email will claim that an unknown individual has attempted to access your account, and may even include convincing details such as a country location and IP address for the supposed intruder. The scam will then prompt you to click on a link to review your recent login activity.

While this might seem legitimate, it is not, and this will give hackers access to your account.

Caroline warned: “Scammers are sending emails to people with Gmail and Microsoft saying that a login has been detected from an unknown location. The email will show a date, a location, and sometimes even an IP address. These emails will look startlingly real.

“These emails will then ask you to review your recent login activity by clicking on a link. Then, as soon as you click on the link, the hackers can get into your device. They can get into your information, into your data, they could even get into your bank account.”

If you are concerned about the legitimacy of the email, there is a way to secure your email without having to click on any potentially suspicious links.

Simply go directly into your email and locate your privacy and security settings. Within these settings, there should be an option to review your most recent login attempts, which should indicate if anyone other than yourself has tried to access your account. If you discover anything suspicious, you should also be able to find the necessary steps to secure your account.

Before clicking on any links in any emails, it’s crucial to verify the sender. The simplest way to do this is by examining the email address used by the sender.

While the sender’s name may appear authentic, displaying titles such as “Microsoft” or “Google”, expanding the sender’s email address typically reveals it originates from a dubious source, featuring numerous digits or a misspelt variation of the organisation it purports to represent.

Viewers of Caroline’s video expressed gratitude for her cautionary advice. Although some noted the scam has been around for quite some time, others mentioned they would be sharing the footage with elderly family members, who may be unaware of such tactics and are more vulnerable to falling prey.

One viewer commented: “Yes, I’ve had those types of emails, and they do look so legit. I always go into my actual account to see, and I do change my password for extra security.”

Another remarked: “This is nothing new. It has been happening forever, so always check the sender’s email.”