Google has formally recognized a major rise in Gmail-related attacks wherein hackers are pilfering passwords to penetrate user accounts. This rise also matches a marked increase in the number of emails categorized as ‘suspicious sign-in prevented,’ which serve as Google’s alert indicating that ‘an attempt to access your account has recently been blocked.’
Cybercriminals are quite familiar with this condition; they know that Gmail users are particularly concerned as a result of these security alerts and that this anxiety helps them to launch their Gmail phishing attacks. Google advises, “Hackers sometimes attempt to mimic the ‘suspicious sign-in prevented’ email to trick people into divulging their account details, therefore giving these criminals access to user accounts.”
If you get this warning email from Google, you must avoid clicking on any buttons or links within the email. Instead, you should navigate to your Google Account, pick Security from the left navigation panel, then click on the recent security events panel to review security events. Should any of the indicated occurrences raise concerns, such as unknown times, places, or equipment, you have to click on ‘Secure Your Account’ at the top of the page to start a password change.
Clicking any link inside this or any other email purporting to be from Google will take you to a fake sign-in site. Entering your password and username on that site exposes you to hackers who could then take control of your account, giving them access to all your information. This Gmail phishing scam mirrors the current Amazon refund scam, which sends a text message with a link for a fraudulent Amazon refund meant ultimately for stealing login credentials. There are two ways to fix this problem. First, never click on any links sent in emails or text messages. Second, to avoid such hacking attempts, strengthen your security by including passkeys to your Google, Amazon, and other accounts.
Over the last year, the changing trend of using seemingly genuine emails, messages, and phone calls that closely mimic the content and style of real communications has become alarming. This also covers the use of actual infrastructure to give credibility.
More Security Updates: Critical security flaws patched and here’s how to update your Android phone.
