This is the warning that really matters. Google has confirmed a new Gmail update but with a warning for 3 billion users. Take heed.
Because this is how you keep your email account. If you fail to follow this advice, you could find yourself losing access to your account and all your content. Google is rightly frustrated.
The latest attack on a Gmail user, which has somehow become a major threat despite it happening to a small number of users, is distracting attention from its much more important warning. The danger is that the advice is drowned out by the noise as countless articles delve into how a fake email was sent in such a way that it appeared to come from Google itself. The optics of millions of users checking their autosent Google emails is painful.
So first the basics. No, you are not about to receive a flood of fake emails from [email protected] or any other authenticated Google email address.
Such attacks are targeted and very rare. That’s why they generate so many headlines in the first place. You will receive a flood of malicious phishing emails though, despite Google’s assurance that its defenses now filter out 99% of these.
And you do need to change your account settings to ensure you add a passkey and that you don’t rely on SMS two-factor authentication. This is being phased out, but you should move faster and change today. More importantly, these sophisticated attacks on Gmail users that pretend to be from Google all rely on two false premises: that Google’s support will reach out to you by email or phone or message, and that, if you ever do receive any form of email or message over an account issue, Google will ever “ask for any of your account credentials — including your password, one-time passwords [or] confirm push notifications.”
The same is true of sending links to pages where you enter your credentials. Last time there was this furor over a similar attack, Google asked me to “reiterate to your readers that Google will not call you to reset your password or troubleshoot account issues.” And it has reissued that warning in the wake of this latest attack.
But the danger is this simple advice is drowned out by the technicalities of OAuth and DKIM (DomainKeys Identified Mail) checks to authenticate senders, including Google itself. None of this takes anything away from the awkward optics of this latest attack or Google’s exposed vulnerabilities — albeit these have been patched just as others were patched in January, when a similarly sophisticated hack made headlines.
At that time, Google said it was “hardening our defenses” to stop a repeat, just as now it’s telling users “we have rolled out protections to shut down this avenue for abuse.” Clearly as one door shuts, attackers will find another. And so it’s even more critical that all Gmail users go back to basics.
Set up a passkey and a stronger form of 2FA than SMS, given you still need a password as backup access for your account. And remember, any proactive support contact from Google (or Microsoft or Apple or Samsung or any other big tech company) is a scam. If you have any doubt, hang up the call or ignore the emails and reach out to the company using normal, publicly available channels.
Google Confirms Gmail Update—How To Keep Your Email Account

You have been warned — do not lose your account