Following reports of multiple breaches that exposed significant vulnerabilities in user accounts, Google has issued a critical security alert impacting its 2.5 billion Gmail users worldwide. Multiple reports suggest millions of accounts were potentially at risk, making this one of the largest security warnings in recent years.
Google’s warning to Gmail users
If you’re one of the 2.5 billion people who use Gmail, you need to be particularly careful when going through your emails. Google recently acknowledged a surge in effective and convincing phishing attacks targeting Gmail and Google Workspace users.
The latest wave of phishing uses information from a massive data breach of one of Google’s Salesforce databases. Though no passwords were leaked, this breach contained general data like customer and company names that attackers have used to make their phishing and vishing attempts more persuasive.
Although the exposed database did not include passwords or highly sensitive consumer data, the stolen business contact information has fueled a surge of phishing campaigns designed to look like genuine Google communications. Google’s threat research team warns that phishing and “vishing” (voice-based phishing calls) now make up 37% of all successful account takeovers across its platforms.
The breach involved business contact information such as company and customer names, which hackers have used to craft highly convincing phishing emails and voice-based social engineering scams. According to Mirror UK, Russian hackers recently found a way to bypass some of Google’s security measures, leaving some accounts open to attack. This latest danger was spotted by security researchers at Google Threat Intelligence Group. Targeted attacks have since been confirmed to have taken place, which is why it is so important to be aware of this warning.
Should you be worried?
Google accounts are highly secure, and users need multiple methods to access services such as Gmail. These include the all-important two-factor authentication, which sends a message to a secondary device when someone tries to access the account – without that code there’s no way to log in.
But it seems Russian cyber crooks have found a way to target older phones and other devices that are unable to handle this extra verification step. Google also provides an additional security option known as app passwords—unique 16-digit codes designed to protect older or less compatible devices.
However, since these bypass the second layer of verification, they can be more vulnerable to theft or phishing attempts by hackers.
“The attackers initially made contact by posing as a State Department representative, inviting the target to a consultation in the setting of a private online conversation,” Malwarebytes explained.
“While the target believes they are creating and sharing an app password to access a State Department platform in a secure way, they are actually giving the attacker full access to their Google account.”
Google has suggested several steps to mitigate risks for all users, including updating passwords, enabling non-SMS two-factor authentication, and enrolling in its Advanced Protection Program.
“Unlike passwords, passkeys can only exist on your devices,” Google stated on its official Account Help page. “They can’t be written down or accidentally given to a bad actor.”
Gmail users can also protect themselves by checking for login alerts, enabling phishing detection filters, and avoiding clicking on unsolicited email links. For advanced users, Google’s Advanced Protection Program provides additional tools designed to counter targeted threats.
For more details, users are advised to visit Google’s official security help resources.
The 6 rules you should follow:
If you are concerned by this new attack, security experts at Malwarebytes have issued advice on how to stay safe, as per Mirror UK.
-Use app passwords only when strictly necessary. If you have the opportunity to change to apps and devices that support more secure sign-in methods, make that switch.
-The advice to enable MFA still stands strong. Authenticator apps (like Google Authenticator) or hardware security keys (FIDO2/WebAuthn) are more resistant to attacks than SMS-based codes, let alone app passwords.
-Regularly educate yourself and others about recognising phishing attempts. Attackers often bypass MFA by tricking users into revealing credentials or app passwords through phishing.
-Make sure your operating system and apps are always up to date, as updates often fix security flaws attackers might target. Whenever possible, turn on automatic updates so you don’t have to worry about doing it manually.
-Stay alert for unusual activity, like logins from unknown devices or unfamiliar locations, and restrict access wherever you can.
-Install reliable security software that blocks malicious sites and detects scams.