Scammers are actively targeting clients publicly associated with Coalition Technologies, often through our case studies or portfolio. They impersonate Coalition employees and claim an audit uncovered serious technical issues that require immediate action. The objective is to gain access to websites, hosting accounts, or internal systems. It is a low-effort scam that relies on urgency and familiarity rather than technical sophistication.
The emails are sent from Gmail accounts, which is the first and clearest red flag. Coalition does not communicate with clients or prospects from free email services. All legitimate communication comes from @coalitiontechnologies.com, without exception. If the sender is not on our domain, it is not us.
What makes this situation more concerning is what happens after reporting.
Clients have repeatedly reported the same two or three Gmail addresses directly inside Gmail and through Google’s phishing reporting tools. Despite multiple reports over time, those same accounts continue sending messages. This is not a one-off delay, it suggests Google’s enforcement is either slow or ineffective.
The impersonation details appear to be pulled from LinkedIn, including employee names and job titles. The messages reference audits that never occurred and issues that do not exist. The approach is crude, but repetition compensates for quality, especially when platforms allow the same accounts to remain active.
If you receive a similar message, the first step is to report it inside your email platform. In Gmail, open the email, click the three-dot menu, and select “Report phishing.” This preserves headers and metadata that matter for enforcement. After reporting, delete the message.
In Outlook, select the email, click “Report,” then choose “Phishing.” In Yahoo Mail, open the message, click “More,” and select “Report a phishing scam.” Built-in tools should always be used instead of forwarding.
For Gmail-based scams, reporting in your inbox is not enough. You should also file a direct report with Google using its phishing abuse form. Paste full headers if available and clearly state that the sender is impersonating a company or employee. If the same address has contacted you more than once, say so.
None of these steps guarantee fast action. Skipping them guarantees no action at all. Until platforms treat repeat abuse as a priority, businesses and their clients are left doing the enforcement work themselves.
