Gmail warning comes around again.<\/p>\n
NurPhoto via Getty Images<\/p>\n
Gmail users face a new tidal wave of warnings as a dangerous new account threat makes headlines again. Gmail accounts are prized by hackers as a valuable store of information and as a gateway to other platforms and services. New and \u201cnearly perfect<\/a>\u201d AI threats mean those accounts are now at risk \u2014 make sure you don\u2019t lose yours.<\/p>\n A new alert from Kaspersky<\/a> has just warned Gmail users that \u201claw enforcement agencies are interested in your account.\u201d This is making headlines, with reports (1<\/a>,2<\/a>) of \u201chackers abusing Google Services to send malicious law enforcement requests.”<\/p>\n The attack itself was first reported in April, when a crypto engineer warned he \u201cwas targeted by an extremely sophisticated phishing attack” which \u201cexploits a vulnerability in Google\u2019s infrastructure.\u201d At the time, it seemed Google was \u201crefusing to fix it,\u201d and so Ethereum\u2019s Nick Johnson<\/a> suggested \u201cwe\u2019re likely to see it a lot more.\u201d<\/p>\n ForbesDo Not Click\u2014This Message Has Just 10 Minutes To Hack Your PhoneBy Zak Doffman<\/a><\/p>\n \u201cImagine,\u201d Kaspersky says, \u201cyou receive a letter notifying that Google has received a summons from law enforcement agencies demanding to provide the contents of your account. The letter looks quite \u2018Google-like\u2019, and the sender\u2019s address is quite respectable \u2014 no-reply@accounts.google.com. Inside, a slight feeling of panic immediately wakes up (at least), doesn’t it?\u201d<\/p>\n The attack is cleverly constructed. \u201cEven the link looks quite plausible \u2014 the address includes the official Google domain and the support ticket number mentioned above. Only sophisticated users will notice the catch: all Google support pages are located on support.google.com, the link immediately leads to a certain sites.google.com. But the calculation of attackers is on those users who do not understand such details.\u201d<\/p>\n But the objective is simple. As I explained last month, it links to a Google-hosted credential phishing page that mimics the real thing, but which takes over your account<\/a>.<\/p>\n Kaspersky highlights the following telltale signs:<\/p>\n But as Kaspersky says, \u201call these signs are quite difficult to notice for an ordinary layman, especially if he is frightened by the prospect of trouble with law enforcement agencies. Even more confusion is added by the fact that the fake letter is signed by this Google \u2014 accounts.google.com is indicated in the signed-by field.\u201d<\/p>\n ForbesGoogle Issues Critical Update For 2 Billion Chrome UsersBy Zak Doffman<\/a><\/p>\n Google has pushed out a fix. \u201cWe\u2019re aware of this class of targeted attack,\u201d it confirms, \u201cand have been rolling out protections for the past week. These protections will soon be fully deployed, which will shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys<\/a>, which provide strong protection against these kinds of phishing campaigns.\u201d<\/p>\n But more importantly, Google will not reach out to you in this way, and will never ask for your account credentials or send you to a page where you can enter them. It has emphasized this repeatedly, especially when it comes to account security and tech support issues. If you ever receive a communication with any lure purporting to come from Google, access your account using normal channels and reach out to them directly.<\/p>\n\n