Google Confirms Gmail Update—How To Keep Your Email Account
This is the warning that really matters. Google has confirmed a new Gmail update, but with a warning for 3 billion users. Take heed. Because this is how you keep your email account. If you fail to follow this advice, you could find yourself losing access to your account and all your content.
Google is rightly frustrated. The latest attack on a Gmail user, which has somehow become a major threat despite it happening to a small number of users, is distracting attention from its much more important warning. The danger is that the advice is drowned out by the noise as countless articles delve into how a fake email was sent in such a way that it appeared to come from Google itself.
The optics of millions of users checking their autosent Google emails is painful. So first, let's get down to basics. No, you are not about to receive a flood of fake emails from no-reply@google.com or any other authenticated Google email address. Such attacks are targeted and very rare. That’s why they generate so many headlines in the first place.
You will receive a flood of malicious phishing emails though, despite Google’s assurance that its defenses now filter out 99% of these. And you do need to change your account settings to ensure you add a passkey and that you don’t rely on SMS two-factor authentication. SMS authentication is being phased out, but you should move faster and change today.
Gmail users must be vigilant about these sophisticated attacks that pretend to be from Google. These attacks rely on two false premises: that Google’s support staff may reach out to you by email, phone or message; and if you ever do receive an email or message relating to an account issue, that Google may “ask for any of your account credentials — including your password, one-time passwords [or] confirm push notifications.”
The same is true of the company sending links to pages where you enter your credentials — it will not. Last time there was this furor over a similar attack, Google asked me to “reiterate to your readers that Google will not call you to reset your password or troubleshoot account issues.” And it has reissued that warning in the wake of this latest attack.
But the danger is that this simple advice is drowned out by the technicalities of OAuth and DKIM (DomainKeys Identified Mail) checks to authenticate senders, including Google itself. None of this takes anything away from the awkward optics of this latest attack or Google’s exposed vulnerabilities — albeit these have been patched just as others were patched in January, when a similarly sophisticated hack made headlines.
The Importance of Basic Security Measures
Clearly as one door shuts, attackers will find another. And so it’s even more critical that all Gmail users go back to basics. Set up a passkey and a stronger form of 2FA than SMS, given you still need a password as backup access for your account.
And remember, any proactive support contact from Google (or Microsoft or Apple or Samsung or any other big tech company) is a scam. If you have any doubt, hang up the call or ignore the emails and reach out to the company using normal, publicly available channels.
The Bottom Line
Google’s latest warning is not just about phishing attacks; it's about being proactive about your email security. By following these simple steps, you can protect yourself from falling victim to these sophisticated attacks. So take heed and don’t wait – update your account settings today.