New wave of 2FA attacks — how to avoid losing access to Gmail

Fraudsters steal Gmail data through 2FA codes — how to protect your email

Attackers are actively trying to steal Gmail credentials, lock owners out of their mail, and use the contents of the inbox for further attacks. Google confirms that a new scheme posing as account verification is currently circulating, and that its aim is to steal the two-factor authentication (2FA) code.

Forbes reports on it.


How does the new type of fraud work, and how can you protect yourself?

A Reddit user going by the name EvilKittensCo said that he received a phone call, allegedly from a Google support employee. The "specialist" claimed that it was necessary to confirm the account recovery data, otherwise the system would make the requested changes. The next step was a request to pass on the 2FA code sent by SMS, which in fact gives the attacker full access to the mail and allows him to change the security settings, locking out the real owner.

Google informed the editorial board that it was aware of this targeted scheme, had already disabled the attackers' accounts, and strengthened its security.

"Google will not call you to reset your password or troubleshoot account issues," the company's spokesperson emphasized and urged everyone to remain vigilant.

To completely eliminate the risks, Google recommends using phishing-resistant methods such as hardware security keys or passkeys. Even if a fraudster obtains an SMS code, these authentication methods will block access.

If you do lose control of your account, Google gives you seven days to restore it using previously added phone numbers or backup email addresses. You can set them up under Manage your Google account > Security.

Never share verification codes with anyone, and set up alternative recovery methods today. Your Gmail is only as secure as the keys and codes you hold.

As a reminder, Google has warned Gmail users about mass email attacks. In the event of a hack, the account owner has only seven days to regain access, even if the attackers have managed to change the backup contacts or recovery address.

We also wrote that Gmail has started introducing a new feature for Android users: the Manage Subscriptions page. It allows you to quickly unsubscribe from unwanted mailings without searching for links in emails.
