Hackers recently managed to gain access to Google’s Salesforce database systems and leak customer and company names. Google did confirm the attacks but clarified that the data involved was largely publicly available and did not involve passwords, and only affected business – not customer – accounts.
However, as reported by PC World, it now seems that the users of Google services, like Gmail and Google Cloud, have begun seeing an uptick increase in phishing attempts.
According to a Reddit post, Gmail users are now being targeted in vishing attacks coming from phone numbers with a 650 area code. The calls themselves are from scammers that claim to be Google employees contacting victims to alert them about a security breach that affects their accounts. During these scam phone calls, the attackers attempt to take over the victims Gmail accounts by getting users to reset their password and provide this information to them. This locks the user out of their own account and hands the password over to the scammer.
Another technique that has been reported is known as the ‘dangling bucket’ method: it tries outdated access addresses to either inject malware into Google Cloud accounts or steal their data. Either way, it looks as though hackers will be targeting both companies and individuals with an increase in both phishing and vishing attempts. As Gmail and Google Cloud have 2.5 billion users, all of them should be on high alert for these types of attacks.
How to stay safe
First, know that Google does not contact users over the phone to tell them about security breaches. Consider this: there are 1.8 billion Gmail users alone. If a phone call to one user took only 20 seconds, it would take 1,141 years to make all those phone calls. Google will never contact you over the phone to personally inform you about a security issue or data breach involving your account.
Next, make sure you’ve taken all the steps possible to keep your Google accounts safe against any unauthorized access. Check out Google’s Security Checkup for recommendations on your account security and to automatically identify any vulnerabilities. You can also use Google’s Advanced Protection Program to add an extra later of security to block downloads of any harmful files and to restrict any non-Google apps from accessing your Gmail data.
Protecting yourself online means making sure you know all the signs of phishing, and vishing, so stay aware and informed. Never click on anything you’re not expecting in an email or text and never give out any personal information over the phone to anyone who randomly calls you. Keep your passwords protected in one of the best password managers, use two-step verification with your Google accounts and switch to passkeys when you can.
Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
