2.5 billion Gmail users at risk of falling victim to scams

If you use Gmail, it's time to be on high alert. A notorious group of hackers known as ShinyHunters has allegedly hacked and gained unauthorized access to Google's Salesforce database system, according to a new report from Forbes. The incident has raised serious concerns about the information security of billions of users worldwide.

Google was quick to confirm the attacks, saying some basic data, including customer and company names, had been leaked. However, the tech giant insisted that user passwords were not compromised. However, experts warn that this seemingly “harmless” information can still become valuable material for targeted phishing campaigns.

When personal and business data is exploited, bad actors can create fake emails that look more legitimate, thereby tricking users into providing more sensitive information or clicking on malicious links. This puts not only Gmail accounts at risk, but also other services in the Google ecosystem such as Google Cloud.

In the context of increasingly sophisticated cyber attacks, Gmail users are advised to carefully check received emails, avoid clicking on strange links and enable two-factor authentication to increase security. Because, even if the password has not been exposed, the leaked public data is enough for cybercriminals to create increasingly convincing and dangerous phishing scenarios.

How do phishing attacks work?

The first reports of attacks targeting Gmail and Google Cloud appeared on Reddit, where many users believed they were directly related to the recent data breach. According to the report, some victims received fake calls from people impersonating Google employees, claiming their accounts had just been compromised and needed urgent attention.

The most common scam scenario involves taking control of a Gmail account through an “account reset” process. Hackers exploit users’ confusion to trick them into providing authentication codes or login information. Once they have the password, the attacker immediately changes the security information, locking the account owner out of their own system.

Another technique that experts warn about is exploiting old, outdated access points in storage systems to steal sensitive data or install malware into Google Cloud environments. This type of attack is especially dangerous for businesses that store large amounts of customer information and important operational data.

With around 2.5 billion Gmail and Google Cloud users worldwide, this threat is not only aimed at large corporations but can easily spread to individual users. Hackers can take advantage of even seemingly simple data to build sophisticated phishing scenarios, catching victims off guard. This shows that the scope and danger of attacks are at an alarming level.

How to protect yourself from attacks?

As hackers become more sophisticated, proactively protecting your personal accounts is more important than ever. Gmail and Google Cloud users need to deploy strong layers of defense to prevent unauthorized access in the first place.

Google now offers a number of essential security tools and programs. First, Google Security Checkup helps users quickly review the security status of their accounts, automatically detect vulnerabilities and make appropriate recommendations.

For those at high risk, such as journalists, politicians, or business administrators, Google recommends joining the Advanced Protection Program, which adds additional barriers, such as blocking harmful file downloads and preventing third-party apps from accessing Gmail data without permission.

Another measure being promoted by Google is the use of passkeys instead of traditional passwords. Passkeys make users log in more securely, almost immune to phishing or password guessing attacks.

However, no matter how advanced security technology is, it cannot replace user vigilance. Be cautious of any calls or emails claiming to be from technical support staff.

Google says it will never contact you to reset your password or change sensitive information by phone or email. A little bit of awareness can help you avoid becoming the next victim./.