
New Gmail security warning due to 10-second hacker attack


Updated on October 26, 2024: This story, first published on October 25, now includes additional practical email security tips on how to protect your Gmail account from hackers with Google’s Security Check feature.

Losing access to your email account is a scary event if, as for many of us, it’s part of your online ecosystem of work and pleasure. Google says there are more than 2.5 billion Gmail accounts, so it’s no surprise that attackers make gaining access to them a priority, regardless of the ultimate attack payload. When faced with an extreme email security challenge, the first thing that comes to many people’s minds is to ask for help, and that’s where 10-second account hackers find their prey. Here’s what you need to know about this predatory attack methodology and how to avoid it if you’ve been locked out of your Gmail account.

An email security alert that all Gmail users should know about

You only need to visit the official online Gmail Support Community provided by Google itself to understand the many ways users can lose access to their email accounts: everything from a forgotten password, or even the username used as part of their login credentials, to problems with two-factor authentication, being unable to reset a password using the account recovery process, someone else logging in and locking them out, and so on. The good news is that the official support forum, as well as places like the Gmail subreddit, are generally inhabited by truly knowledgeable and helpful souls who are not out to harm you. The bad news is that many people, when faced with an email security problem like this, immediately go into panic mode, which means screaming for help on social media. This is where the problems really start.


I don’t know how to say it more clearly: do not ask for help accessing your Gmail account, or any other account, on X, Facebook, Instagram or any other social media platform. Googling the official help guides only takes a few seconds, about as long as it takes predatory hacking bots to strike if you ask for help on X. I’m using X, formerly known as Twitter, as an example here because it remains the social media platform that I use most often. Don’t be shy: follow me on X for more tips on email security.

The 10-Second Email Security Threat

The email security threat posed by the army, and I do use that phrase, of bots on X is not only real, it is also predatory and very dangerous because it strikes when the victim is most vulnerable. Let me explain this with a little experiment I did this morning. I just posted the following tweet on X:

It took less than 10 seconds for the responses to kick in and less than five minutes for the floodgates to be well and truly open. While many fell into the “including those that may contain offensive content” category that had to be clicked to show, others slipped past that filter and were displayed in the stream. Most follow the same clichéd script: “Same thing happened to me/my friend/someone I know – contact someone@somewhere and they’ll help you recover your account.”

A few of these bots, using what at first glance appear to be real X user accounts, will point to one user who can help. The fact is that none, absolutely zero, of them will help you. Instead, they’ll take advantage of the situation to take your money while doing nothing to recover your account (they couldn’t do it anyway without using the official account recovery process), or worse, exploit your anxiety about email security to get you to hand over your account credentials and actually take over your entire Google account, access to Gmail, and more.


What to do if you lost access to your Gmail account

The first thing to do in any type of email security incident, from accidentally deleting your inbox or forgetting your password to seemingly being locked out of your entire account, is to step back, take a breath, and count to ten. If that sounds patronizing, it’s not my intention: clearing your head and not making rash decisions is the best advice I can give.

I have published a selection of tips for what to do if Gmail hackers control your 2FA account, email address or mobile number, and I recommend that you read it because the advice it offers applies to several email security incident scenarios. You can also go directly to Google itself by using your favorite web browser and entering the address yourself, rather than clicking on a link in an email or text message, just to be on the safe side. If you’re reading this because you’ve been locked out of your account, you can safely click this link for help.

So, in summary:

Don’t ask for help on social media.

Don’t respond to any bots that reply if you ignore this sage advice.

Be sure to visit the official Google Support Forums and Gmail Help.

Use Google’s email security checklist to make sure you have recovery processes in place before you need them.


Use Google Checkup to keep your email safe

Google’s security check feature is one of those things that is either overlooked or not seen at all by many users. Of course, Google may encourage users to use it from time to time, but in my opinion, it should be a mandatory exercise for all users at least once a year. While I often caution that security measures shouldn’t interfere with usability, some are simply necessary: two-factor authentication, logging out of your account after a set period of inactivity, and checking that your security settings are up-to-date. The first of these, 2FA, is the only one likely to regularly interrupt your online activity, and it will come into play when the second is triggered, but the third really is a simple matter. So what does passing a Google Security Check entail?

Just head to the Google security check page, and the process will start when the tool loads so that all the information is ready on the display for you to act on. An icon next to each area of the checkup display indicates how urgently you should consider the recommendations. In the case of the account used here as an example, the top two need to be considered. Clicking on the drop-down arrow next to each one opens the relevant information.

The first one, about email forwarding, should be considered important, as forwarding is the main method used by someone who has gained illegal access to your account but doesn’t want you to know about it. For example, a stalker can forward copies of all your emails, in the background and without your knowledge, to an address they control. If you have not set up any forwarding yourself, this is a serious red flag; the same applies if you don’t recognize any of the forwarding addresses in the displayed list. Deleting them is just a click away. Under the advanced settings tab, this feature also displays any addresses that are used as recipients when people reply, addresses that appear as “from” when you send mail, and email addresses that have been blocked.

Equally important, the “devices” section shows all the devices that are signed into your account, including information such as the date of last activity and location. If you don’t recognize any of them, this is again a serious red flag, as it could be someone who hacked your account. Again, it’s just one click to remove any of the devices shown. Don’t worry: if you make a mistake and remove a device you should have kept, you’ll simply be asked to verify your identity and sign in again, including any 2FA options, the next time you try to connect with it.