Gmail scam: Google says users have 7 days to recover hacked accounts
In a new statement, Google says that while it is working on a fix, users still have 7 days to recover their accounts if they fall victim to a hack.
There was a major scare recently involving Gmail and emails in general, after a new phishing scam was brought to light. Developer Nick Johnson reported that scammers were using extremely sophisticated phishing attacks to generate official-looking emails, which appeared to originate directly from Google.

This issue stemmed from Google’s legacy products, where hackers exploited content hosting on a Google subdomain that supported arbitrary scripts and embeds. They were able to create a Google account intended to scam users. The attackers then created a Google OAuth application and generated a security alert, which was sent directly to users’ inboxes.
Google confirmed in a statement to Newsweek that it was working on a fix. According to a report by Forbes, Google has since issued a new advisory explaining how to recover compromised Gmail accounts.
What Google Said
Google confirmed to Forbes that protections against this type of attack are in the works and will be deployed soon. This will close off this particular avenue for abuse, Google said. Fortunately, if a user gets locked out of their account and the hacker changes the password, Google says users have up to seven days to recover access using available recovery methods. However, users must act quickly once an attacker has taken control of their account.
At the same time, a Google spokesperson also emphasised that users should be using security keys or passkeys to prevent such problems in the first place.
Additionally, Google recommends that users set up proper recovery options, such as a recovery email linked to their account. This can also be useful in cases where you forget your password or if a hacker changes your credentials after compromising the account.
During this seven-day window, you may also choose to receive a sign-in code at your previous recovery email.
All in all, you need to set up a recovery email, link a primary phone number to your account, enable updates about suspicious activity, and, of course, use security features like passkeys to keep your account secure.
Google confirmed it was working on a fix
Earlier, in a confirmation to Newsweek, Google said, “We're aware of this class of targeted attack from the threat actor, Rockfoils, and have been rolling out protections for the past week. These protections will soon be fully deployed, which will shut down this avenue for abuse.”
It added, “In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”