If You See This Number On Your Phone, Your Gmail Is Under Attack

Republished on August 31 with new advice following Gmail attack warnings.

Google is clearly frustrated by countless headline warnings of “2.5 billion Gmail accounts exposed as massive hack uncovered.” This is not the case and Google Cloud and Gmail data was not affected in the recent breach, Google tells me.

But Gmail is under attack nonetheless. The company has also confirmed that such threats are surging as hackers successfully gain access to user accounts. And that brings us to another Google frustration — and one that’s much more persistent than this month’s furor after its Salesforce breach.

“Please reiterate to your readers that Google will not call you to reset your password or troubleshoot account issues,” the company asked me. And yet calls from its customer support number continue to trick users into opening their accounts to hackers.

“A person claiming to be a Google employee will contact you by phone (typically using a phone number with a 650 area code),” Proton warns, “and inform you that suspicious access attempts were detected on your Gmail account.”

If you take the bait, “the person attempts to get you to reset your password under the guise of keeping your account secure.” But be warned, “once this is done, the scammer can lock you out of your Gmail account,” which leads to a world of pain.

The number you need to watch for is +1 (650) 253-0000, which a quick Google search tells you is linked to “the global headquarters of Google.” It has been spoofed.

A typical Reddit post reports that a “guy with a very Californian accent” called from this number to warn of unauthorized account access and to talk the user through steps “to secure my account and prevent further recovery attempts from outside of the U.S.”

These Gmail attacks “begin with unauthorized account recovery attempts originating from international locations,” per Cyber Press. “These initial attempts serve as reconnaissance, testing account security measures and potentially creating a sense of urgency for the target. Days later, victims receive phone calls from what appears to be Google’s legitimate customer service number: +1 (650) 253-0000.”

If you do receive a call from that number, it’s an attack. Log into your Google account using the usual, publicly available method — never a link. Go to Security—Review Security Activity and see what’s listed. If there are no unfamiliar logins, you can relax.

While there, you can run a Security Checkup and follow any recommended steps. You should certainly replace SMS 2FA with an authenticator app and add a passkey. It’s also worth changing your password to something strong and unique.

Meanwhile, those Gmail password headlines continue to fill newsfeeds, despite Google’s clarification as to the extent and limits of exposure from its Salesforce breach.

Venn’s David Matalon told me “Google’s warning is an important reminder that compromised passwords remain a major threat,” which is clearly the case.

Shane Barney from Keeper Security says this is because “compromised credentials continue to be the top entry point for attackers, and Google’s disclosure is a reminder that even the best platforms can’t protect accounts if passwords are weak, outdated or stolen. Whether through phishing, credential stuffing or social engineering, hackers know it’s far easier to go after logins than to break encryption.”

Matalon says “personal devices accessing corporate accounts can be a weak link,” in line with the many enterprise warnings about weak passwords. “Companies can reduce risk by implementing technology that enforces strong zero trust and data loss prevention policies, isolating work from personal data on devices they are not directly managing.”

“The best defense is layered security,” Barney says. “For Gmail users, that starts with replacing old passwords with long, unique ones in a password manager, enabling two-factor authentication with an authenticator app and adopting passkeys when possible.”

“These steps don’t eliminate risk entirely,” Barney says, “but they make account takeover dramatically more difficult and far less attractive to attackers.” And that’s the goal.
