Red alert in Gmail for more than 2.5 billion users: these are the steps you should follow

Google has already admitted that it is being attacked by hackers believed to be part of the ShinyHunters extortion group, from several different angles: Google Saleforce, Google Cloud, and possibly most worrying of all, Gmail.

In the case of the email service, they're taking a hybrid approach that includes phone calls and emails , all purporting to come from official Google support staff. As convincing as they are dangerous, here's what 2.5 billion Gmail users should know and do when faced with these security scams.

It's estimated that around 30% of the world's population has a Gmail account, making it an obvious target for cybercriminals. This service also hosts private information and our access points to other platforms.

Scammers appear to be impersonating Google to try to reset an account password and take over your email inbox. Victims first receive a phone call from someone claiming to be from Google Support, warning them that an unknown person has attempted to access their Google account.

The caller warns that a password reset is necessary to stop the alleged attack and protect the user from harm. This is where the second part of hybrid fraud comes into play: an account reset email is sent to the user.

The scam itself is simple: the password reset email to the Gmail account includes a security verification code to prove it's you trying to change the password. The attacker encourages the victim to read the code over the phone so that "Google Support" can reset the victim's account and protect them from the consequences of the "attack in progress."

Of course, all they're actually doing is hacking into your account in real time, while on the phone with the victim. Google itself has stated that the number of password-stealing threats sent via email increased by 84% last year, a trend it confirmed "will only intensify in 2025."

1. Never share your Google verification code with anyone.
2. Identify scam emails and calls: Verify identity and always suspect urgency.
3. Stay informed about current scams so you can recognize them.
4. Activate two-factor authentication (2FA).