Gmail Users Targeted in New, Sophisticated Phishing Scheme – Stay Vigilant
MOUNTAIN VIEW, CA – September 17, 2025 – Gmail users are facing a new wave of sophisticated online fraud where scammers impersonate Google Support to gain access to accounts, Google has warned. The scheme, recently highlighted in a Reddit post on the Gmail subreddit, involves fraudsters directly contacting users via phone, claiming to detect unauthorized access attempts and urging immediate password resets.
The scam unfolds with potential victims receiving calls from individuals falsely representing Google Support. These fraudsters allege suspicious activity on the user’s account and propose a password reset as the solution. They then follow up with an email containing a link to a fake password reset form, requesting the user’s current password and a security verification code.
Crucially, the fraudsters request the verification code over the phone, falsely claiming it’s needed by the “Google Support” team to secure the account. This allows them to immediately hijack the Gmail account using the provided credentials.
Google reports a significant increase in password theft threats delivered via email – an 84% surge in 2024 alone. The company anticipates this trend will continue to escalate throughout 2025.
“We urge all users to remain vigilant,” a Google spokesperson told Forbes. “Google will never call users to request a password reset or address other account issues.”
To protect against this evolving threat, Google recommends users take three key steps:
- Google Security Checkup: Utilize Google’s built-in Security Checkup feature to review and activate crucial security settings.
- Advanced Protection Program: Enroll in the Advanced Protection Program, which adds layers of security including blocking potentially dangerous downloads, limiting third-party app access to Gmail data, and strengthening the account recovery process.
- Activate passkeys: Transition to Passkeys for Gmail login. Passkeys replace traditional passwords with biometric authentication (fingerprint or facial recognition) or mobile PINs. “Google’s research has shown that security keys provide stronger protection against bots, large amounts of phishing attacks, and targeted attacks than SMS, application-based passwords, and other traditional two-factor authentication methods,” the spokesperson stated.
Users who suspect they have been targeted by this scam are encouraged to immediately change their Google account password and review their account activity for any unauthorized access.
(VMP/VMP)