Google has issued a crucial alert to all Gmail users, cautioning them about potentially fraudulent notifications on their phones that purport to warn of suspicious account activity. These alerts, although appearing genuine, may actually be sophisticated scams designed to seize control of users’ devices.
The issue came to light in February when a Reddit user shared their experience of receiving a message ostensibly from ‘Gmail from Google.’ The message claimed that their email account was compromised and required immediate recovery action.
The user further explained that prior to this message, they had received multiple emails regarding “sign-on attempts” from various IP addresses, notably from locations such as Venezuela and Bangladesh. This sequence of events created a facade of legitimacy that ultimately led to deception.
In reality, the alert was a cleverly disguised scam. It lured the victim into clicking a link, which redirected them to a counterfeit Google site. Here, the scam successfully extracted sensitive information, including the user’s password and phone number.
Though Google genuinely sends out notifications about thwarted suspicious sign-ins when accounts are under threat, the tech giant acknowledges that cybercriminals have begun mimicking these alerts. Their aim is to frighten users into inadvertently surrendering control of their accounts.
Google advises users to remain vigilant and wary of any messages requesting personal information, such as usernames or passwords, or directing them to unfamiliar websites where such information is solicited.
The Reddit user revealed they had reused their Gmail password across multiple websites, potentially giving scammers access to most of their online activity.
The victim said they only realized they had been scammed by a fake phone alert after checking their official Google account activity records and finding that no suspicious sign-in had ever been detected.
Once a victim opens this malicious link on their phone, the phishing scam can compromise the mobile device itself, especially on Android phones, as malware disguised as a ‘Google security check’ may be downloaded onto the device.
This can lead to the device being fully hijacked, allowing hackers to spy on the phone’s activity, steal data stored or entered on the device, and potentially gain remote access to the phone.
In its Account Help center, Google recommends that Gmail users take six immediate steps if they ever receive a ‘suspicious sign-in prevented’ alert on their phones.
Without clicking on any link that may have been sent along with the Gmail warning, the tech giant urges users to first go to their Google Account.
Once on the page, users will see their email displayed at the center of the screen, and to the left, there will be a navigation panel where they need to click Security.
The third step is to review your most recent security alerts by clicking on the ‘Recent security events’ panel.
There, any suspicious logins over the last month will be posted with the time and location of the sign-in. Google users should suspect something is wrong if they see a sign-in from a state or country they have never visited, or at times when they knew they were not online.
Gmail users who see activity that Google would call ‘unfamiliar’ can then click the option to ‘secure your account’ at the top of the page.
Google has reported that the number of ‘suspicious sign-in prevented’ emails sent has sharply increased since last year.
From there, Google will guide users on how to change their password. However, cybersecurity experts urge all of Google’s 1.8 billion Gmail users to also enable two-factor authentication.
This adds another layer of security by sending a secret code to a person’s phone, email or to the Authenticator app when they log into certain sites.
Google confirmed in August 2025 that hackers were stepping up their attacks on Gmail in an effort to gain more passwords and potentially access millions of accounts around the world.
This included more fraudulent ‘suspicious sign-in prevented’ emails being sent to fearful Gmail users who panic and click the link, hoping to secure their digital lifelines.
‘I panicked. Normally, I would recognize this as phishing, but it had never happened on the phone before, and I clicked on the link, “signing on,” which gave the scammer my Gmail password,’ the Reddit user explained.
Cyber experts have previously warned the Daily Mail that email users also need to use strong, complex passwords to secure their accounts from hackers who may try to guess them. It is also considered good ‘digital hygiene’ to not continually reuse the same passwords all over the internet.
‘Why, in 2026, would you use the same password on multiple sites?’ one person asked the Reddit user.
‘2FA [two-factor authentication] can be annoying or cumbersome at times, but with it on, you should be fine from now on. Faith in the Authenticator app!’ another person added.