Google has issued an urgent security warning to all Gmail users following a wave of highly sophisticated phishing scams that convincingly imitate official Google communication. These scams, which involve both emails and phone calls, are designed to trick users into surrendering control of their accounts.
What Is the Scam About?
In a blog post and security update, Google revealed the mechanics of the phishing scam: attackers send users fake account recovery emails that look nearly identical to legitimate Google messages. Soon after, victims receive a phone call from someone claiming to be a Google support agent.
Using persuasive language and, in some cases, AI-generated voices, the caller alerts users of suspicious activity on their accounts and encourages them to approve a Google account recovery request. If users comply, scammers gain full access to their Gmail, personal data, and associated services like Google Drive and Photos.
According to Forbes, over 500,000 users have already been affected in what’s being called one of the most convincing phishing attempts to date.
New Variant: ₹2 Payment Scam
Another variation of the scam has emerged, specifically targeting users in India. This version uses alarming subject lines like “Google Alert – Your Authentication is Pending” and threatens to deactivate your account in three days unless you complete a “verification” payment of just ₹2.
Clicking the link leads to a fake version of the Google Cloud login page. This website is designed to capture your personal details, payment information, and Google credentials. The Times of India reports that hundreds of users have already fallen victim, lured in by the low payment amount and urgency.
How to Recognize a Scam
Google emphasizes that real security alerts never ask for approval via unsolicited calls or ask for payment in exchange for keeping your account active. You should be especially wary of the following red flags:
- Emails that claim your Gmail account will be deleted or deactivated soon.
- Messages with urgent subject lines pressuring immediate action.
- Phone calls or messages claiming to be from Google support.
- Requests to approve an account recovery notification you didn’t initiate.
- Links that lead to domains slightly different from
google.com.
How to Stay Safe
Google and cybersecurity experts recommend these tips to protect your account:
✅ Verify the Sender
Legitimate Google emails come from domains ending in @google.com. Always check the full sender address, not just the display name.
✅ Don’t Click Suspicious Links
Instead of clicking links in emails, go directly to https://myaccount.google.com to check for any activity.
✅ Enable 2-Step Verification
Use Google’s 2-Step Verification to add a layer of protection.
✅ Don’t Share Personal Info
Google will never ask for your password or payment details via email or phone calls.
✅ Use Google’s Phishing Report Tool
If you receive a suspicious email, report it directly within Gmail by clicking the three-dot menu and selecting “Report phishing.
What to Do If You’ve Already Responded
If you’ve accidentally clicked on a phishing link or approved a fake recovery request:
- Change Your Password Immediately at Google Account Recovery.
- Revoke Account Access to unfamiliar apps and devices from your Google Security Settings.
- Monitor Bank Transactions if you’ve entered payment details.
- Report to Authorities: In India, file a report with the National Cyber Crime Reporting Portal.
Final Words
As phishing campaigns grow more deceptive and targeted, vigilance is crucial. Google is actively improving its detection systems but reminds users that their best defense remains awareness and skepticism.
As always, if something feels suspicious—even if it looks official—it’s better to double-check before clicking.
This article has been carefully fact-checked by our editorial team to ensure accuracy and eliminate any misleading information. We are committed to maintaining the highest standards of integrity in our content.
