Gmail users must remain vigilant and watch out for a worrying new email scam.
There’s a worrying new threat, and it’s not something anyone with a Gmail account wants to ignore. Hackers are constantly looking for new ways to attack consumers, and falling for their latest trick could hand over full access to email and other accounts
The latest threat, which has been spotted by the team at Malwarebytes, appears to be targeting Gmail users and it’s easy to see how some are being caught out.
The scam starts with a message that claims to be from Google’s Support service saying that someone has attempted to access account and a password reset is required. To make things even more convincing, the email is sometimes followed by an actual phone call.
Hackers use this method in a bit to try and obtain the security code that Google sends out when a password is reset.
“Victims get an email or phone call allegedly from Google support that warns someone has tried to hack their account. The best way to protect themselves is to reset the password,” Malwarebytes explained.
“They then send a separate account reset email to the victim, who dutifully enters their login credentials. The account includes a code that the victim must read out to verify that they’re legit. The support staff say they’ll enter this code to reset the system, but they’re using those precious extra few seconds to hijack the victim’s account.”
READ MORE: Argos offers Sky Q rival at ‘lowest’ price, and it even lets you watch TV for free
It’s unclear how widespread the problem is, but some Google users have confirmed they’ve been targeted in recent weeks.
Speaking on Reddit, one Google account holder said: “He was trying to actively recover my account and steal possession of it, while on the phone with me.”
To make it appear more real, the scammer even asked the victim to look up the number they were calling from, then hang up the phone and call the number back.
“He was completely bluffing — as when you call that number, you cannot get a human on the line,” said the Redditor. “They don’t staff that line with agents.”
If you receive any contact from Google claiming an account needs resetting, be warned. It’s almost certainly a scam.
READ MORE: Everyone with an Android phone placed on high alert and must follow 4 new rules
Google has even commented on the problem, saying users must not hand over any data.
“These contacts and their websites have no affiliation to Google and may claim to provide password reset assistance as well as other Gmail related support services,” the US company said.
“In addition, these sites may require the submission of payment for their support services. Google does not charge users to recover their account credentials or change their password.
“In other cases, these websites may call you and claim that your Google Account was hijacked or that your computer has a virus or other malware on it. Google does not provide phone based support for Gmail and these calls are not affiliated with Google.”
