In a recent alert, tech giant Google has warned users about increasing threats from cybercriminals who are actively exploiting a Gmail vulnerability. These attackers are sending highly convincing phishing emails and calls that appear to originate from Google itself. In light of these developments, Google has urged users to take immediate steps on how to secure your Gmail account from hackers.
The company emphasized that attackers are leveraging artificial intelligence (AI) to create fake emails that include DKIM (DomainKeys Identified Mail) signatures, making them look completely authentic. These phishing attempts are designed to steal Gmail login credentials such as usernames and passwords. Google stressed that in some reported cases, hackers gained full control of user accounts by even altering passwords and recovery options.
A notable incident involved a developer who received a fake “legal notice” email, which appeared to be sent directly by Google. The user believed it to be legitimate because of its structure and authenticity cues. Google explained that these scams are highly dangerous because they can trick even experienced users.
Why Passwords Are No Longer Enough
According to Google, traditional login methods like passwords and SMS-based two-factor authentication (2FA) are no longer reliable. These can be easily bypassed or compromised by sophisticated attackers. To ensure better protection, Google strongly recommends adopting passkeys—a safer alternative for Gmail login security.
A passkey enables secure login using biometrics like fingerprint or facial recognition, or a device-specific PIN. These methods are resistant to phishing and offer robust security for Gmail accounts.
5 Key Steps: How to Secure Your Gmail Account from Hackers
Google has advised all Gmail users to immediately follow these critical steps to improve their account security:
- Set Up a Passkey: Secure your Gmail login by setting up a passkey on your phone or computer to replace traditional passwords.
- Enable Google Prompt: Use the Google Prompt feature instead of SMS codes. This sends a secure notification to your mobile device for login approval.
- Update Recovery Information: Make sure your recovery phone number and recovery email are added to your Gmail account and are always up to date.
- Avoid Suspicious Emails: Do not click on links from unexpected or suspicious-looking emails, even if they appear to be from Google.
- Change Your Password Immediately: As an urgent measure, change your current Gmail password to a strong and unique one.
Google Responds Quickly, But User Vigilance Is Crucial
Google confirmed that after identifying the threat, it promptly released security updates to address the vulnerability. However, the company and cybersecurity experts continue to stress the importance of individual awareness and proactive security practices. Knowing how to secure your Gmail account from hackers is now more critical than ever, especially with the increasing sophistication of AI-powered cyberattacks.
Also Read: Meta Launches Llama-4 AI Suite Scout Maverick Behemoth to Rival ChatGPT Gemini