Hackers have devised a new online scam targeting Gmail users, posing a significant threat to personal account security. The scam involves receiving a fake message purportedly from Google Support claiming unauthorized access attempts and prompting a password reset. Some victims have reported receiving follow-up phone calls to enhance the illusion of legitimacy.
The scammers aim to trick users into revealing the security code sent by Google during the password reset process. By obtaining this code, hackers can gain unauthorized access to accounts and pilfer sensitive personal information. Malwarebytes warns that victims are lured into divulging their login credentials through a separate account reset email, unwittingly providing scammers with the necessary code to hijack their accounts.
Although the scale of this scam is not fully known, several Google users have reported being targeted recently. One victim recounted a harrowing experience on Reddit, where the scammer attempted to deceive them into surrendering control of their account over the phone. The scammer even instructed the victim to verify their phone number by calling back, adding a layer of deceit to the scheme.
Google has issued a statement cautioning users against falling for such fraudulent schemes, emphasizing that Google Support does not initiate password resets or account recovery processes through unsolicited contacts. The tech giant reaffirms that users should never disclose sensitive information to unauthorized sources claiming to offer assistance with account-related issues.