The text of the message couldn't be simpler, and the embedded link that brings the user to the phishing page withstands a cursory glance since it begins with the google.com domain. TrendLabs' experts took the trouble to investigate and discovered that the phishing site is hosted on a remote site.
The phishing site resembles the real one, but I think regular users could tell that something is different. Unfortunately, it's probable that most of them would think that Google is behind the change.
In any case, when emails requesting you to update any type of account come your way, it pays to be extra careful and do a little search on the legitimate site regarding the issue in question instead of following the link.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.