There is a concerning new cyber threat targeting Gmail users that everyone should be aware of. Hackers are continuously devising new strategies to compromise personal accounts, and falling victim to their latest tactic could result in unauthorized access to sensitive information.
The latest malicious scheme, identified by the Malwarebytes team, focuses on Gmail users and has successfully deceived some unsuspecting individuals. The scam begins with a deceptive message claiming to be from Google’s Support service, alerting the recipient that an account breach has been attempted and prompting a password reset. To enhance the deception, the fraudulent email may be followed by an actual phone call.
Cybercriminals employ this tactic to extract the security code sent by Google during a password reset process. If they succeed, they can infiltrate the account and pilfer a considerable amount of personal data.
Malwarebytes elaborated, “Victims receive an email or phone call purportedly from Google support, warning them of an account breach and advising them to reset their password for protection.” Subsequently, the victim receives a separate email for resetting the account, leading them to provide their login credentials. The email contains a verification code that the victim is instructed to disclose, allowing the scammers to exploit these few critical seconds to hijack the victim’s account.
While the extent of this issue remains unclear, reports from some Google users indicate recent targeting attempts. A Google account holder shared on Reddit, “He was attempting to gain control of my account while on the phone with me, under the guise of assisting with account recovery.”
To add credibility to the ruse, the scammer even instructed the victim to verify the caller’s number, disconnect the call, and dial back the number. The Redditor disclosed, “The scammer was merely bluffing, as contacting that number does not connect you to a live agent; they do not staff that line.”
If you receive any communication from Google requesting an account reset, exercise caution as it is likely a fraudulent ploy. Google has issued a statement cautioning users against disclosing any information.
“Such communications and associated websites are not affiliated with Google and may falsely offer password reset aid and other Gmail-related support services,” stated the tech giant. “Furthermore, these sites might demand payment for their services, whereas Google does not charge users for account recovery or password modification.”
“In some instances, these websites may call you, claiming account compromise or malware presence on your computer. Google does not provide phone support for Gmail, and such calls are not endorsed by Google.”
Remember to remain vigilant and avoid sharing personal details or engaging with suspicious requests to safeguard your online security.