{"id":134458,"date":"2024-12-07T20:04:29","date_gmt":"2024-12-07T13:04:29","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=134458"},"modified":"2024-12-07T20:04:29","modified_gmt":"2024-12-07T13:04:29","slug":"gmail-takeover-hack-attack-google-warns-you-have-just-7-days-to-act","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=134458","title":{"rendered":"Gmail Takeover Hack Attack\u2014Google Warns You Have Just 7 Days To Act"},"content":{"rendered":"<p> <script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<\/p>\n<div>\n<figure class=\"embed-base image-embed embed-0\" role=\"presentation\"><figcaption><fbs-accordion><\/p>\n<p class=\"color-body light-text\">Google warns Gmail users they have 7 days to act in case of hacker takeover attack<\/p>\n<p><\/fbs-accordion><small>SOPA Images\/LightRocket via Getty Images<\/small><\/figcaption><\/figure>\n<p><em>Update, Dec. 07, 2024: This story, originally published Dec. 05, has been updated with examples of the kind of cyber-attacks used by hackers and scammers to lock you out of your Gmail account. A Dec. 06 update added more detailed information regarding the importance of setting up recovery details for your Google account and the options that are available to Gmail users.<\/em><\/p>\n<p>Although I\u2019m pretty sure that a number of the people who contact me claiming that they have been locked out of their Gmail account by a hacker and want my help to get back in are, actually, trying to <a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/05\/gmail-2fa-cyber-attack-open-another-account-before-its-too-late\/\" target=\"_self\" class=\"color-link\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/05\/gmail-2fa-cyber-attack-open-another-account-before-its-too-late\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/05\/gmail-2fa-cyber-attack-open-another-account-before-its-too-late\/\" aria-label=\"hack someone else\u2019s Gmail account\" rel=\"noopener\">hack someone else\u2019s Gmail account<\/a>, that doesn\u2019t mean everyone who asks for help is a scammer. You only have to look at the online Gmail support forums, both official and unofficial, to realize that people fall victim to hack attacks all the time and suddenly find their online lives turned upside down without access to their email. A common thread among these pleas for help is that an attacker, having compromised the account, has <a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/09\/gmail-hackers-take-control-of-2fa-email--number-heres-what-to-do\/\" target=\"_self\" class=\"color-link\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/09\/gmail-hackers-take-control-of-2fa-email--number-heres-what-to-do\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/09\/gmail-hackers-take-control-of-2fa-email--number-heres-what-to-do\/\" aria-label=\"changed passwords, phone numbers and even passkeys to prevent the genuine account holder from regaining access\" rel=\"noopener\">changed passwords, phone numbers and even passkeys to prevent the genuine account holder from regaining access<\/a>. I went directly to Google to ask if there\u2019s anything that users can do to get their Gmail accounts back under their own control, and, as it turns out, there\u2019s a lot more than you might imagine. Here\u2019s what you need to know.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-2\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/05\/smartphone-security-warning-make-changes-now-or-become-a-victim\/\" target=\"_blank\" aria-label=\"Smartphone Security Warning\u2014Make These Changes Now Or Become A Victim\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/05\/smartphone-security-warning-make-changes-now-or-become-a-victim\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">Smartphone Security Warning\u2014Make These Changes Now Or Become A Victim<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/675062a852bf448870a36824\/960x0.jpg);\"\/><\/span><\/a><\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Gmail Hack Attack Leaves Account Locked After Phone Number And Passkey Changed<\/h2>\n<p>A typical example of <a href=\"https:\/\/www.reddit.com\/r\/GMail\/comments\/1h0qhj5\/hacked_and_locked_out_with_nfcphysical_key\/?rdt=49902\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/www.reddit.com\/r\/GMail\/comments\/1h0qhj5\/hacked_and_locked_out_with_nfcphysical_key\/?rdt=49902\" data-ga-track=\"ExternalLink:https:\/\/www.reddit.com\/r\/GMail\/comments\/1h0qhj5\/hacked_and_locked_out_with_nfcphysical_key\/?rdt=49902\" aria-label=\"a Gmail user who has found themselves locked out of their account after a successful hack attack\">a Gmail user who has found themselves locked out of their account after a successful hack attack<\/a> compromise was posted to the Reddit Gmail subreddit recently. The user complained that they had been locked out of the account after finding that their \u201cpasskeys (fingerprint), passwords and phone number were changed,\u201d laying the blame on malware that was discovered on their device. \u201cThe only thing I have attached to the account is my other recovery email that I still have access to, though it doesn&#8217;t really help with logging me back in,\u201d the user said, \u201cI don&#8217;t have access to backup codes either and I&#8217;m pretty much ready to give up at this point knowing that Google doesn&#8217;t have live support.\u201d Although Google wasn\u2019t able to help with this specific case, I did ask for broader advice on how a Gmail user should respond in such circumstances in order to regain access to their Google account and their Gmail.<\/p>\n<p><fbs-ad position=\"inread\" progressive=\"\" ad-id=\"article-0-inread\" aria-hidden=\"true\" role=\"presentation\"\/><\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Google Said Users Have 7 Days To Regain Access To A Compromised Gmail Account<\/h2>\n<p>I had a conversation with a Google spokesperson, Ross Richendrfer, who deals with workspace security and privacy matters. First and foremost, Richendrfer wanted me to point out that the tactics being seen by these email hackers are not unique to Gmail by any means, it\u2019s a common methodology for an attacker to maintain control of an account once it has been initially compromised. However, Richendrfer did confirm, for context, that Google does see situations where an attacker has compromised an account and then adds a security key or a passkey to prevent the legitimate owner from logging back in. This, Richendrfer said, is usually as a result of the Gmail account holder \u201cnot using phishing-resistant authentication technologies, such as security keys or passkeys,\u201d to protect their Google account.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-4\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/04\/google-confirms-new-gmail-security-surprise-and-its-so-simple\/\" target=\"_blank\" aria-label=\"Google Confirms New Gmail Security Surprise\u2014And It\u2019s So Simple\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/04\/google-confirms-new-gmail-security-surprise-and-its-so-simple\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">Google Confirms New Gmail Security Surprise\u2014And It\u2019s So Simple<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/674d7f9e957cf9c0d3466b95\/960x0.jpg);\"\/><\/span><\/a><\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Two Types Of Hacking Threat That Can Lead To Gmail Users Being Locked Out Of Their Accounts<\/h2>\n<h3 class=\"subhead3-embed color-body bg-base font-accent font-size text-align\">The Gmail Link Hovering Threat<\/h3>\n<p>The advice to protect yourself against scammers using the fake URL tactic whereby a link is disguised to look genuine but actually leads to a cloned site has been, for the longest time, hover your mouse over the link. Doing so reveals the real destination of the link in question, so tipping you off to any fraudulent intent. Or so the theory goes. The reality has, also for there longest time, been quite different. You see, scammers are, I\u2019m afraid to say, not all stupid. Some are technically savvy enough to spoof the text that appears when you hover over a link. This doesn\u2019t take any advanced tooling, just a bit of straightforward HTML coding to edit the mouseover text label. This can work because the mouseover label is displayed next to the link that\u2019s being hovered over and, when using a web browser to access Gmail, the real URL is most often displayed at the bottom of the screen. The attacker is relying on the user not looking elsewhere other than the URL that pops up alongside the link. Smartphone Gmail apps don\u2019t appear to suffer from this so use them wherever possible. \u201cGmail blocks more than 99.9% of spam, phishing attempts, and malware from reaching you,\u201d a Google spokesperson said, \u201cas part of our AI-based protections, Gmail takes into account link obfuscation methods when classifying messages.\u201d<\/p>\n<h3 class=\"subhead3-embed color-body bg-base font-accent font-size text-align\">The Gmail 2FA Bypass Attack Threat<\/h3>\n<p>Session cookie theft, which is what usually happens when a threat actor is looking to initiate a two-factor authentication bypass attack, works by using an attacker-in-the-middle tactic whereby it\u2019s not your 2FA code itself that is being targeted but rather the cookie that says you have successfully authenticated your identity for that session. Once in possession of the session cookie, the attacker can then, effectively, go back at any time and will be treated as a genuine user of your account as the cookie shows that session as, yep, authenticated. There are \u201cnumerous protections to combat such attacks, including passkeys, which substantially reduce the impact of phishing and other social engineering attacks,\u201d a Google spokesperson said. That\u2019s probably the best advice I would offer, truth be told, as using a passkey rather than a 2FA code that is sent by SMS or even an authentication application generated one is a whole league of difference safer. \u201cGoogle research has shown that security keys provide a stronger protection against automated bots, bulk phishing attacks, and targeted attacks than SMS, app-based one-time passwords, and other forms of traditional two-factor authentication,\u201d the Google spokesperson said. If you use Google Chrome as your web browser, then you are also protected by app-bound encryption. Chrome encrypts data tied to identity in much the same way as macOS users experience with Keychain protection to prevent apps running as the logged-in user from gaining access to secrets such as session cookies.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Google Account Recovery Options For Gmail Users Explained<\/h2>\n<p>\u201cWe recommend all users to set up a recovery phone as well as a recovery email on their account,\u201d Richendrfer said, \u201cthese can be used in cases where users forget their own passwords, or an attacker changes the credentials after hijacking the account.\u201d Here comes the most important bit: if an attacker changes your recovery phone number then you, as the original account holder, have <a href=\"https:\/\/support.google.com\/accounts\/answer\/183723?hl=en&amp;co=GENIE.Platform%3DDesktop\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/support.google.com\/accounts\/answer\/183723?hl=en&amp;co=GENIE.Platform%3DDesktop\" data-ga-track=\"ExternalLink:https:\/\/support.google.com\/accounts\/answer\/183723?hl=en&amp;co=GENIE.Platform%3DDesktop\" aria-label=\"up to 7 days to use that original recovery phone number to regain control of your account\">up to 7 days to use that original recovery phone number to regain control of your account<\/a>.<\/p>\n<p>Recovery options should be filed under the same \u201cdo not ignore\u201d heading as data backups and the importance of not clicking on unsolicited links in emails and text messages. We all know, however, that all these things are ignored. With 2025 fast approaching, how about you make it your new year resolution to rectify all three, starting with your Google account recovery options?<\/p>\n<p>As <a href=\"https:\/\/support.google.com\/accounts\/answer\/183723\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/support.google.com\/accounts\/answer\/183723\" data-ga-track=\"ExternalLink:https:\/\/support.google.com\/accounts\/answer\/183723\" aria-label=\"Google said\">Google said<\/a>, \u201cyour recovery email is used to reach you in case we detect unusual activity in your account or you accidentally get locked out,\u201d which is why you shouldn\u2019t ignore it and ensure it is kept up to date. As with telephone numbers, Google said that \u201cwhen you change your recovery email, you may be able to choose to get sign-in codes sent to your previous recovery email for one week.\u201d<\/p>\n<p>To add or change a recovery phone number or email on Android, open your device settings app, hit Google followed by your name and the manage your Google account option. Now head for the security section and where it says \u201chow you sign into Google\u201d you can select options for recovery phone or recovery email. You will likely be asked to sign in before getting any further, but the selection process is very straightforward and takes no time at all.<\/p>\n<p>When it comes to recovery numbers, Google advised that the number used should be for a smartphone that belongs only to you and is used regularly and kept on your person.<\/p>\n<p>When it comes to recovery email addresses. Google advised that the email address should also be one that you use regularly but is, obviously, different to the one that is used to sign into your Google\/Gmail account.<\/p>\n<p>Google also said that if there is something different about how you\u2019re signing in then you might not be given the option to change your recovery information. This would appear to be something that many users get confused about, however, Google advised that you should try again a week later using the same device, or from another device which is regularly used to sign into your google account or from a location where you usually connect from.<\/p>\n<figure class=\"embed-base image-embed embed-5\" role=\"presentation\"><figcaption><fbs-accordion><\/p>\n<p class=\"color-body light-text\">Google&#8217;s Gmail account recovery guidebook<\/p>\n<p><\/fbs-accordion><small>Google<\/small><\/figcaption><\/figure>\n<p>Richendrfer also advised that anyone, be they using Gmail or any Google service, can get further <a href=\"https:\/\/blog.google\/technology\/safety-security\/google-account-recover\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/blog.google\/technology\/safety-security\/google-account-recover\/\" data-ga-track=\"ExternalLink:https:\/\/blog.google\/technology\/safety-security\/google-account-recover\/\" aria-label=\"help with account recovery by starting here\">help with account recovery by starting here<\/a> or heading to this <a href=\"https:\/\/guidebooks.google.com\/android\/getstarted\/signintoyourgoogleaccount?hl=en-us\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/guidebooks.google.com\/android\/getstarted\/signintoyourgoogleaccount?hl=en-us\" data-ga-track=\"ExternalLink:https:\/\/guidebooks.google.com\/android\/getstarted\/signintoyourgoogleaccount?hl=en-us\" aria-label=\"Gmail account recovery guidebook\">Gmail account recovery guidebook<\/a> by Google for more detailed, step-by-step, instructions.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-7\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/23\/no-your-gmail-messages-arent-100-private-2-ways-to-fix-that\/\" target=\"_blank\" aria-label=\"Gmail Privacy Warning\u2014Google\u2019s Email Problem And How To Fix It\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/23\/no-your-gmail-messages-arent-100-private-2-ways-to-fix-that\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">Gmail Privacy Warning\u2014Google\u2019s Email Problem And How To Fix It<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/65c79f44a97dd781b8b68ab6\/960x0.jpg);\"\/><\/span><\/a>\n<\/div>\n<p><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<br \/><div data-type=\"_mgwidget\" data-widget-id=\"1660802\">\r\n<\/div>\r\n<script>(function(w,q){w[q]=w[q]||[];w[q].push([\"_mgc.load\"])})(window,\"_mgq\");\r\n<\/script>\r\n<br \/>\n<br \/><a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/07\/gmail-takeover-hack-attack-google-warns-you-have-just-7-days-to-act\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google warns Gmail users they have 7 days to act in case of hacker takeover attack SOPA Images\/LightRocket via Getty Images Update, Dec. 07, 2024: This story, originally published Dec. &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=134458\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-134458","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/134458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=134458"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/134458\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=134458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=134458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=134458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}