No, it’s not phishing, it’s legit, the header match with google and the link goes to https://accounts.google.com/AccountChooser/signinchooser?continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fac%2Falert%2Fdetails%3FalertId%3D3…
Why not just write the message there instead of letting me login to watch the important notification???
They know my name, yet they wrote “Dear Google Workspace Administator” as the most generic phishing attempts.
Were you expecting a Google employee to notice the issue, think “Uh oh, I better let Moonrise know about this!” and type out an email for you?
Do you know that’s trivial to write a marketing email like
“Dear <name placeholder>…”
I get that Google is just a startup with limited resources and can’t afford expensive marketing tools, but this is a basic feature offered in every marketing email software, even free ones.
The reason is that a phishing scammer usually just got a leaked/stolen email list without names, and by stating “dear <name>” they show that it’s not a phishing.
Once you train users that generic emails with “click here to read the message” are legit, then phishers have an easier life.
In this specific case they’re just announcing that a Google service that nobody was using has been killed (as is tradition) and they’re going to delete the data, there’s no reason at all to have a “click here to read”.
Email templates are ubiquitous and can easily insert names and any other variable.
Yeah actually, any non-spam email should always address you by name and that’s a rule. Many services also have this in their e-mail footers “This e-mail is for XXXXX” etc. because a typical mass sent garbage mail won’t know your name.
When I worked the email marketing opt out queue I relied heavily on the “this email was sent to [email address]” because 9/10 reports that the opt out didn’t work, they had setup forwarding from one email address to another
I doubt more than 6 people at Google knew what it was.