Gmail Hack Attack — Google Says You Have 7 Days To Act

Gmail is under attack. The phrase should send shivers down your spine if you are one of the over 3 billion people who use the world's most popular email platform. The latest in a long line of threat campaigns is particularly dangerous, as it appears to come from Google itself. However, with threat actors continually changing up their attack methodologies, becoming increasingly sophisticated thanks to the use of AI, and even employing automatic password hacking machines in their attacks, the danger to your email account and the data it unlocks continues to mount.

Update: 7 Days to Recover Your Account

Google has confirmed that if you fall victim to the latest Gmail hack attack or any other that locks you out of your Google account, you have seven days to get it back. In light of this, here's what you need to know and do.

The latest Gmail hack attack involves a sophisticated phishing campaign that uses an OAuth application and a "creative DomainKeys Identified Mail workaround" to fool victims into thinking a security alert email originated from Google itself. This has managed to bypass the very protections that Google has put in place to prevent such attacks.

The good news is that Google has confirmed it is putting out updated protections that counter the threat methodology used in this attack. "These protections will soon be fully deployed," a spokesperson said, "which will shut down this avenue for abuse."

Protect Your Account

To protect your account from future attacks:

* Use “phishing-resistant authentication technologies, such as security keys or passkeys,” in the first place.
* Set up a recovery phone number and recovery email on your account. These can be used in cases where you forget your own password or an attacker changes the credentials after hijacking the account.

Recovering Your Account

If you fall victim to the latest Gmail hack attack, even if the attacker has changed your recovery telephone number:

* You have 7 days in which that number can still be used to regain control of, and access to, your Gmail account.
* The same applies to your recovery email. "When you change your recovery email," a spokesperson said, "you may be able to choose to get sign-in codes sent to your previous recovery email for one week."

Think of a Gmail recovery phone number as being like using a seatbelt in your car; it drastically improves your safety when you use it.

Getting Human Help

Although you might not think it, it is actually possible to get help with recovering your Google account after a lockout attack from a real human being rather than just going through the automated online steps.

If you subscribe to Google One’s premium service, then you may be able to get that human assistance.

Conclusion

Don't wait until it's too late. Act now to protect your Gmail account and data. With 7 days to recover, don't let threat actors get the best of you.
