Warning to all 1.8bn Gmail users over password hack

Gmail users have been hit by a torrent of phishing scams in recent months — but Google says don’t panic if you fall for one.

Even if you’re locked out of your account by one of these password-stealing scams, the tech giant says you can still regain access for up to a week.

Users simply need to make sure they have a recovery phone number or email configured in their accounts, which will enable them to answer security questions and confirm their identity.

So anyone who doesn’t have these backups enabled should do so now, says Google. 

The public service announcement comes just weeks after Google confirmed a ‘sophisticated’ attack targeting all of its 1.8 billion Gmail users.

The phishing scam was first reported by Nick Johnson, a developer for the cryptocurrency platform Ethereum.

Johnson posted a screenshot of an email that seemed to originate from a valid Google address, asserting that he had received a subpoena and was required to surrender access to his account.

A Google representative informed DailyMail.com: ‘We are aware of this type of targeted attack from this threat actor and have implemented protections to close this path for misuse.’

Google has created a way for you to regain control of your hacked Gmail account — but you only have seven days to act 

‘In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.’

Johnson said clicking the fraudulent link in the email took him to a ‘very convincing ‘support portal’ page.’ 

He then clicked ‘Upload additional documents’ and ‘View case,’ and both links took him to ‘exact duplicates’ of legitimate Google pages.

These pages asked Johnson to sign into his Google account. 

‘From there, presumably, they harvest your login credentials and use them to compromise your account; I haven’t gone further to check,’ he explained. 

He noted that the nefarious email passed the DKIM signature check, which is used to verify that parts of an email haven’t been altered on its way to your inbox, and that Gmail displayed it without any warnings. 

‘It even puts it in the same conversation as other, legitimate security alerts,’ he added.

Google said that it has shut down the mechanism that allowed this method of attack to work, and recently shared guidance on spotting and avoiding email scams. 

‘Google will not ask for any of your account credentials — including your password, one-time passwords, confirm push notifications, etc. — and Google will not call you,’ the tech giant said.

Phishing attacks like this one aim to get users to share their personal information with hackers, which they can use to steal victims’ identity or money. 

The goal is to make the devious message appear as legitimate as possible to trick users into believing they’re sharing their information with a trusted entity.

That’s why the hackers behind this Gmail attack used Google Sites to craft their scam, ‘because they know people will see the domain is http://google.com and assume it’s legit,’ Johnson explained.
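
As an added illustration (not part of the original report or of Google's guidance), the Python example below shows why seeing "google.com" in a link is not enough: it classifies links by exact hostname, so a page anyone can publish on Google Sites is never treated as the sign-in page. The host lists and the sample links are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumptions for this example, not an official Google list.
SIGN_IN_HOSTS = {"accounts.google.com"}    # where Google sign-in happens
USER_CONTENT_HOSTS = {"sites.google.com"}  # pages anyone can publish
BRAND_DOMAIN = "google.com"


def classify_link(url: str) -> str:
    """Classify a link by exact hostname, never by substring."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "reject"
    if parts.scheme != "https" or not host:
        return "reject"
    if host in SIGN_IN_HOSTS:
        return "sign-in-origin"
    if host in USER_CONTENT_HOSTS:
        return "user-content"
    if host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN):
        return "brand-other"
    return "external"


def safe_for_credentials(url: str) -> bool:
    """Only the sign-in origin may receive a password."""
    return classify_link(url) == "sign-in-origin"


def lookalike_links(urls):
    """Links that show the brand name to a reader but are not the sign-in origin."""
    return [u for u in urls
            if BRAND_DOMAIN in u and not safe_for_credentials(u)]


# Constructed sample links, as they might appear in a message body.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",
    "https://sites.google.com/view/constructed-support-case",
    "https://accounts.google.com@login.example.test/",
    "https://accounts.google.com.example.test/signin",
    "https://www.example.test/newsletter",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):15} {link}")
    print("lookalikes:", lookalike_links(SAMPLE_LINKS))
```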

If you use a password to log into your Gmail account, then unwittingly share it with a hacker, there’s nothing stopping them from breaking in. 

It’s as simple as using your password and a 2FA code on their own device to access the account. 

But using a passkey and 2FA makes it much harder for hackers to break in.

A passkey is a system-generated, highly secure login code that cannot easily be guessed, stolen or phished.

It only works on the physical device it’s linked to, which means hackers can’t use it to gain access to your account on their devices. 

In addition to swapping your password for a passkey, you can learn to spot the telltale signs of a phishing attack to protect your online accounts. 

Even though these scams are getting harder to identify, there are some details that will give them away. 

Phishing messages typically use a generic greeting, inform you that there is an urgent issue that cannot be resolved without your action, and invite you to click on a link.

While legitimate companies like Google may communicate with users via email, they won’t send you a link to resolve issues like updating your login or payment information.
