The Gmail Agency
Communication from 'agencies' or 'senior leads' who don't have a professional domain or website.
“Emails from professional-sounding agencies using @gmail.com”
What this pattern means
If an agency is asking you for thousands of dollars to build a 'world-class e-commerce experience' but can't be bothered to spend $12 on a domain name, there is a fundamental disconnect. While some talented freelancers use personal emails, anyone claiming to be a 'Senior Developer' or a 'Lead at [Agency Name]' should be reaching out from a professional domain. Using @gmail.com or @outlook.com for cold outreach is a sign of a fly-by-night operation that can disappear the moment a project goes south.
The psychology of the scam
This tactic uses classic social engineering to create a sense of trust or urgency. By following a behavioral script, the actor attempts to bypass your natural skepticism and move you closer to a payment or access request before you've performed a full background check.
What to do instead
- Slow down the conversation and ask for verified case studies of live stores.
- Avoid making any access or payment decisions during the initial outreach phase.
- Verify their public identity (LinkedIn/Portfolio) through a separate search.
- Trust your intuition—if the outreach feels rehearsed or “too good to be true,” it usually is.
Details
Severity
Medium Risk
Category
credibility
Tags