Google Confirms Gmail Update—How To Keep Your Email Account
This is the warning that really matters. As a user of Google's popular email service, it's essential to take heed of this update, especially since millions of users are at risk due to a recent attack on a Gmail user.
Google has confirmed a new Gmail update with a warning for 3 billion users. Take heed because this is how you keep your email account safe. If you fail to follow these simple steps, you could find yourself losing access to your account and all your content. The damage that can be done in the interim is huge.
Google is rightly frustrated with the latest attack on a Gmail user, which has become a major threat despite it happening to only a small number of users. The danger is that the advice is drowned out by the noise as countless articles delve into how a fake email was sent in such a way that it appeared to come from Google itself.
No, you are not about to receive a flood of fake emails from no-reply@google.com or any other authenticated Google email address. Such attacks are targeted and very rare. That's why they generate so many headlines in the first place. However, you will be sent malicious phishing emails, 99% of which are filtered out by Google's defenses.
You do need to change your account settings to add a passkey and to make sure you don't rely on SMS two-factor authentication. SMS 2FA is being phased out, but you should move faster and change today. Remember, these sophisticated attacks on Gmail users that pretend to be from Google all rely on two false premises:
1. That Google's support staff may reach out to you by email, phone or message; and if you ever do receive an email or message relating to an account issue, that Google may “ask for any of your account credentials — including your password, one-time passwords [or] confirm push notifications.”
2. That the attacker is using a legitimate app login workflow to steal valid user session tokens to defeat two-factor authentication on Office 365 accounts.
Protect Yourself from Phishing Attacks
Experts have warned of another “phishing kit built to defeat 2FA” dubbed SessionShark. This new attack is an adversary-in-the-middle (AiTM) phishing kit that can steal valid user session tokens to defeat two-factor authentication on Office 365 accounts.
The attackers use evasive HTML/JS code and dynamically change content to minimize visibility to security scanners. Such stealth features imply that the kit was tested against security solutions to reduce chances of being flagged, demonstrating the growing sophistication of criminal phishing tools.
Simple Measures to Keep Your Email Account Safe
Whatever the lure, do not use SMS 2FA on your account; instead, set up an authenticator app as a minimum. Never paste text strings, URLs or codes from one app into another, or into a sign-in dialog box, if asked. There is never a reason to do so.
Set up passkeys and never enter your password credentials into a webpage unless you’ve accessed a main sign-in page using usual channels. These simple measures mean you get to keep your Gmail account and your Microsoft email account where they should be — with you.
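Why a passkey holds up against the adversary-in-the-middle kits described above while a typed code does not, shown as an added example that is not from the original article or from Google: the browser records the page's real origin in the signed sign-in data, so a login relayed through a lookalike page fails the service's origin and RP ID checks. The domain names, challenge value and function names below are assumptions made for illustration.

```python
import hashlib
import json
import struct

# Assumed relying-party settings for this sketch (hypothetical values).
RP_ID = "accounts.example.com"
EXPECTED_ORIGIN = "https://accounts.example.com"


def build_assertion(origin: str, rp_id: str, challenge: str) -> tuple[bytes, bytes]:
    """Construct sample data: what the browser and authenticator report for `origin`."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()
    flags = 0x05  # user present + user verified
    # Authenticator data: SHA-256 of the RP ID, one flags byte, 4-byte sign counter.
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, 1)
    return client_data, auth_data


def check_assertion(client_data: bytes, auth_data: bytes, challenge: str) -> list[str]:
    """Return the reasons to reject; an empty list means the binding checks pass.

    Signature verification over auth_data || SHA-256(client_data) is left out
    here; a real relying party must perform it as well.
    """
    problems = []
    data = json.loads(client_data)
    if data.get("type") != "webauthn.get":
        problems.append("wrong type")
    if data.get("challenge") != challenge:
        problems.append("challenge mismatch")
    if data.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch")
    if len(auth_data) < 37:
        problems.append("authenticator data too short")
    elif auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        problems.append("rpIdHash mismatch")
    elif not auth_data[32] & 0x01:
        problems.append("user not present")
    return problems


CHALLENGE = "c2FtcGxlLWNoYWxsZW5nZQ"  # constructed sample value
GENUINE = build_assertion(EXPECTED_ORIGIN, RP_ID, CHALLENGE)
# Constructed lookalike domain standing in for a proxy page that relays the challenge.
RELAYED = build_assertion(
    "https://accounts.example-login.test", "accounts.example-login.test", CHALLENGE
)

if __name__ == "__main__":
    print("genuine:", check_assertion(*GENUINE, CHALLENGE))
    print("relayed:", check_assertion(*RELAYED, CHALLENGE))
```

A one-time code from SMS or an authenticator app carries no such origin binding, which is why a code typed into a proxy page can be replayed to the real site.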
Stay Vigilant, Stay Safe
The attackers are getting more sophisticated, so it's essential to stay vigilant and take these precautions seriously. Don't fall for phishing attacks, and always verify the authenticity of emails or messages before responding.