Tom’s Guide
Amber Bouman

2.5 Billion Gmail Accounts Could Be Compromised — Google Just Issued A Password Reset Warning

All 2.5 billion Gmail users have been told by Google to change their passwords, as hackers have found a scarily easy way to access your account — making calls and sending emails pretending to be Google support.

As reported by Phone Arena, there has been a sharp uptick in users falling for bogus sign-in pages, which capture all the info a hacker would need to steal a two-factor authentication code and get into your account. In fact, Google said "phishing and credential theft methods" make up 37% of phishing attempts.

How to stay safe
Keep your passwords protected in one of the best password managers, use two-step verification with your Google accounts and switch to passkeys when you can.

According to a Reddit post, Gmail users are now being targeted in vishing attacks coming from phone numbers with a 650 area code. The calls come from scammers who claim to be Google employees contacting victims to alert them about a security breach that affects their accounts. During these scam phone calls, the attackers attempt to take over the victims' Gmail accounts by getting users to reset their password and provide this information to them. This locks the user out of their own account and hands the password over to the scammer.

Another technique that has been reported is known as the ‘dangling bucket’ method: it tries outdated access addresses to either inject malware into Google Cloud accounts or steal their data. Either way, it looks as though hackers will be targeting both companies and individuals with an increase in both phishing and vishing attempts. As Gmail and Google Cloud have 2.5 billion users, all of them should be on high alert for these types of attacks.

How to stay safe

First, know that Google does not contact users over the phone to tell them about security breaches. Consider this: there are billions of Gmail users. If a phone call to one user took only 20 seconds, it would take 1,141 years to make all those phone calls. Google will never contact you over the phone to personally inform you about a security issue or data breach involving your account.

Next, make sure you’ve taken all the steps possible to keep your Google accounts safe against any unauthorized access. Check out Google’s Security Checkup for recommendations on your account security and to automatically identify any vulnerabilities. You can also use Google’s Advanced Protection Program to add an extra layer of security to block downloads of any harmful files and to restrict any non-Google apps from accessing your Gmail data.

Protecting yourself online means making sure you know all the signs of phishing, and vishing, so stay aware and informed. Never click on anything you’re not expecting in an email or text and never give out any personal information over the phone to anyone who randomly calls you.
