- Google has warned Gmail users of a new phishing email scam.
- Hackers are mimicking Google to steal passwords and personal details.
- Users have been urged to change passwords, enable 2FA, and stay alert.
For people across the globe, Gmail is one of the most-used applications. Google’s emailing app has over 1.8 billion users across the globe and all of them might be at risk to a new cyber scam. So, if you use Gmail, you might want to check your inbox — and your security settings. Google has issued a new warning to users, alerting them about a widespread and highly convincing phishing attack that could compromise your personal information.
A new threat targeting Gmail users
Google says a “sophisticated and coordinated” cyberattack is currently underway, targeting Gmail accounts across the globe. The tech giant confirmed that hackers are using deceptive emails that appear to come from trusted sources. Once opened, these emails can trick users into giving away sensitive details like passwords or clicking on links that install harmful software.
What makes this scam especially dangerous is how real it looks. The attackers are mimicking Google’s own design language — including logos, colours, and layout — to make their phishing emails look legitimate. In many cases, the messages claim that the user’s account has been suspended or needs urgent verification.
Who is at risk?
According to Google, nearly all Gmail users — more than 1.8 billion people worldwide — are potential targets. The phishing scam is spreading fast, and Google’s internal threat detection systems have already flagged a huge number of suspicious emails. In fact, the company claims to block over 100 million phishing attempts every single day.
Cybersecurity experts warn that even experienced users could fall for this scam, especially if they’re tired, in a rush, or simply distracted. “The attackers are using social engineering tactics to create a sense of urgency. That’s how they get you to act quickly — and make mistakes,” said a Google spokesperson.
How to know if your account was affected
If you’ve recently received emails asking you to verify your Gmail credentials, check your login history or follow links to “resolve an issue,” your account may have been targeted. Google recommends checking your “Last account activity” section, located at the bottom of your Gmail inbox on desktop, to review any suspicious logins.
You should also visit Google’s Security Checkup page, which shows you devices that have recently accessed your account, your recovery options, and any third-party apps connected to your email.
What to do if you’ve been scammed
If you suspect that your Gmail account has been phished, here’s what to do immediately:
- Change your password right away.
- Enable two-step verification to add an extra layer of security.
- Review your recent activity and remove any unknown devices.
- Revoke access for any unfamiliar apps.
Google also advises reporting phishing emails by clicking on the three-dot menu next to the email and selecting “Report phishing.”
Gmail’s built-in protections block most threats, but no system is perfect. Stay alert, don’t click on suspicious links, and always double-check sender details — especially when an email demands immediate action. The best defence is awareness.
