Gmail Users Targeted in New, Sophisticated Phishing Scheme – Stay Vigilant
MOUNTAIN VIEW, CA – September 17, 2025 – Gmail users are facing a new wave of sophisticatedโ online fraud where scammers impersonate Google Support to gain access to accounts, Google has warned. The โฃscheme,recently highlighted in a reddit post on the Gmail subreddit,involves fraudsters directly contacting users via โฃphone,claiming to detect unauthorized access attempts and urgingโ immediate password resets.
The scam unfolds with potential victims receiving calls from individuals falsely representing โคGoogle Support. Theseโข fraudsters allege suspicious activity on the user’s account and propose a password reset โฃas theโค solution. They then follow up with an email containing a link to a โfake password reset form, requesting the user’s current password and a security verification code.
Crucially, the fraudsters request โthe verification code overโค the phone,โ falsely claiming it’s needed by the “Google Support” team to secure the account. this allows them to immediately โhijack โฃthe Gmail account using the provided credentials.
Google reports a significant increase in password theft threats delivered via email – an 84% surge in 2024 alone. Theโ company anticipates this trend will continue to โescalate throughout 2025.
“We urgeโข all users to remain vigilant,” a Google spokesperson told Forbes. “Googleโข will never โคcall users to request a password reset or address other account issues.”
To protect against this evolving threat, Google recommends โusers take three key steps:
- Google Security Checkup: Utilize Google’s built-in Security Checkup feature to review and activate crucial security settings.
- Advanced Protection Program: enroll in the Advanced Protection โฃProgram, which โadds layers ofโ security including blocking possibly dangerous โคdownloads, limiting third-party app access โto Gmailโ data,โ and strengthening the account recovery process.
- Activate passkeys: Transition to Passkeys โขfor Gmail login. Passkeys replace traditional passwords with biometric authentication (fingerprint or facial recognition) or mobile PINs. “Google’s research has shown that security keys provide strongerโ protection against bots, large amounts of โคphishing attacks, and targeted attacks than SMS, application-based passwords, and otherโ traditional two-factor authentication methods,” the spokesperson stated.
Users who suspect they have โbeen targeted by this scamโฃ are encouraged โto immediately change their Google account password and review their โฃaccount activity for any unauthorizedโ access.
(VMP/VMP)
