'Google Workspace' phishing emails

News

Posted on Tuesday 17 February 2026

Look out for a convincing new phishing campaign targeting Google Workspace users - and warn your friends and colleagues too.

We've already seen examples of these emails targeted at University email addresses, so make sure you know what to look out for to keep your account safe.

The emails will typically have an urgent subject line designed to make you anxious and trick you into acting. They claim that your organisation has exceeded, or is approaching, its pooled storage limits and that your services - including Gmail and Drive - will be suspended if you don't "free up" or "get more storage" for your account.

Google did recently transition to pooled storage for many Workspace editions, so this tactic is particularly effective at catching people off guard.

The screenshot below shows one example, but be aware that there will be other variations around. A screenshot showing a phishing email

If you receive this email, or anything like it, and it has not come from a ‘google.com’ address, do not click any links within the email. Instead, mark it as Spam within Gmail (by clicking the Spam button at the top of the email window) and then delete it.

We've provided advice on spotting and dealing with phishing and scam emails on our website to help you protect yourself from fraud:

Phishing, fraud and scams

If you are ever unsure about the legitimacy of an email, please get in touch with IT Support by emailing itsupport@york.ac.uk.