There is a concerning new online threat that Gmail users should not overlook. Hackers are continuously devising new methods to target consumers, and falling for their latest scheme could result in granting full access to email and other accounts.
The most recent danger, identified by the Malwarebytes team, seems to be aimed at Gmail users, making it easy for some individuals to be deceived. The scam initiates with a message purportedly from Google’s Support service, claiming that an account breach attempt has occurred and necessitating a password reset. To enhance credibility, the email may be followed by an actual phone call.
Hackers employ this tactic to acquire the security code sent by Google when resetting a password. If successful, they can infiltrate the account and pilfer a significant amount of personal information.
“Victims receive an email or phone call supposedly from Google support warning of an attempted hack on their account. The advised course of action is to reset the password to safeguard themselves,” as explained by Malwarebytes.
“They subsequently dispatch a separate account reset email to the victim, who obediently enters their login details. The email includes a code that the victim must provide to validate their identity. The support personnel claim they will input this code for system reset, but in reality, they exploit those critical extra seconds to seize control of the victim’s account.”
The extent of the issue remains unclear, but some Google users have reported being targeted recently. A Google account holder shared on Reddit, “He was actively trying to regain control of my account and take possession of it while speaking with me.”
To add to the authenticity, the scammer even instructed the victim to verify the calling number, disconnect the call, and redial the number.
“He was completely deceptive—calling that number results in no human response,” stated the Redditor. “There are no agents available on that line.”
Should you receive any communication from Google indicating a need to reset an account, exercise caution. It is highly likely a scam.
Google has addressed the issue, advising users not to disclose any information.
“These communications and associated websites are not affiliated with Google and may falsely offer password reset assistance and other Gmail support services,” stated the US company.
“Furthermore, these sites might request payment for their services. Google does not charge for account recovery or password changes.
“In some instances, these websites may contact you, claiming your Google Account was compromised or that your computer has malware. Google does not offer phone support for Gmail, and these calls are not endorsed by Google.”