Gmail Users Face Lockout Risk After Sophisticated Phishing Attack, Google Warns

Google has sounded the alarm for its 1.8 billion Gmail users, urging anyone affected by a recent password hack to act within seven days or risk losing access to their accounts permanently. The warning follows a “sophisticated” phishing campaign that has fooled users into giving up their credentials. To recover access, users must have a recovery phone number or email already set up, as this allows Google to verify their identity even after a breach.

The phishing attack was first brought to light by Nick Johnson, a developer with the Ethereum platform. He shared details of a deceptive email claiming he had received a subpoena. The message, which appeared to come from a legitimate Google address, led him to a realistic-looking support page that mimicked Google’s login portal. These fake pages harvested login credentials, and the emails even passed Gmail’s DKIM checks, making them look authentic and placing them among real security alerts.

Google has confirmed the attack and identified it as coming from a known threat actor. The company says it has taken steps to shut down the fake support portals and urges users to bolster their defenses. Recommended actions include enabling two-factor authentication (2FA), using passkeys instead of passwords, and never sharing login codes or information over the phone. Google also reminded users it never asks for verification through unsolicited messages or calls.

The incident highlights how phishing attacks are evolving, using trusted domains like google.com to create a false sense of security. Users are reminded to stay alert for generic greetings, urgent requests, or prompts to click suspicious links. With cybercriminals getting smarter, Google’s message is simple: update your recovery options, switch to stronger authentication, and don’t delay if you notice suspicious activity.
