Hackers are now leveraging real Google recovery prompts in phishing attacks, leaving even vigilant Gmail users vulnerable.
A recent case highlights how a Seattle firefighter lost $500,000 in cryptocurrency after falling for a clever scam.
How the Attack Works
Hackers combine phishing emails and fake Google support calls to gain access. The victim then receives a genuine Google recovery prompt on their own device, one the attacker triggered, and takes it to be part of Google’s legitimate process.
Clicking “Yes” on the prompt gives attackers full control over the account, including Gmail, Google Photos, and other linked services.
Key Details:
Phishing Emails: Sent from legitimate-looking Google addresses via Google Forms.
Fake Support Calls: Appeared to come from Google Assistant’s two-way communication number.
Recovery Prompts: Exploited as a final step to gain account access.
In the firefighter’s case, hackers accessed a photo of his cryptocurrency wallet seed phrase stored in Google Photos, enabling them to steal funds within seconds.
How to Stay Safe:
Never trust unsolicited recovery prompts. Only click “Yes” if you initiated the recovery process.
Avoid reacting under pressure. Hackers often create a sense of urgency.
Verify support calls. Google does not provide phone support for account recovery.
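The defensive rule above (a recovery prompt is only legitimate if you started the recovery yourself) can also be checked automatically. The following is an added example, not code from the original article or from Google: it correlates prompt approvals with owner-initiated recovery requests over a constructed, hypothetical audit log (the line format, event kinds and source labels are assumptions, not any real provider's schema) and flags approvals that no owner-initiated recovery preceded within a short window, which is the signature of the scam described in the attack section.

```python
"""Flag account-recovery prompt approvals that the account owner did not initiate.

Added example, not code from the original article or from Google. The log
format, event kinds and source labels are constructed for illustration; a real
identity provider exposes its own audit schema, which you would map onto these
fields before using this logic.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class Event:
    ts: datetime
    account: str
    kind: str    # "recovery_initiated" or "recovery_prompt_approved" (assumed names)
    source: str  # "owner_device" (authenticated session) or "unknown_browser" (assumed)


def parse_event(line: str) -> Event:
    """Parse one constructed log line: '<iso-timestamp> <account> <kind> <source>'."""
    ts, account, kind, source = line.split()
    return Event(datetime.fromisoformat(ts), account, kind, source)


def parse_log(lines: List[str]) -> List[Event]:
    return [parse_event(line) for line in lines if line.strip()]


def find_unsolicited_approvals(
    events: List[Event], window: timedelta = timedelta(minutes=15)
) -> List[Event]:
    """Return prompt approvals with no owner-initiated recovery in the preceding window.

    A legitimate flow is: the owner starts recovery from a device they are
    signed in on, then approves the prompt shortly afterwards. An approval that
    follows a recovery started from an unknown browser (the attacker's), or no
    recovery request at all within the window, is reported as suspicious.
    """
    by_account: Dict[str, List[Event]] = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        by_account.setdefault(e.account, []).append(e)

    suspicious: List[Event] = []
    for evs in by_account.values():
        for i, e in enumerate(evs):
            if e.kind != "recovery_prompt_approved":
                continue
            owner_started = any(
                p.kind == "recovery_initiated"
                and p.source == "owner_device"
                and e.ts - window <= p.ts <= e.ts
                for p in evs[:i]
            )
            if not owner_started:
                suspicious.append(e)
    return suspicious


# Constructed sample log: alice is the legitimate case; the other three accounts
# each show a variant of the pattern a defender should alert on.
SAMPLE_LOG = [
    "2024-01-10T09:00:00 alice recovery_initiated owner_device",
    "2024-01-10T09:02:00 alice recovery_prompt_approved owner_device",
    # bob approved a prompt nobody on his side requested (the scam in the article)
    "2024-01-10T14:30:00 bob recovery_prompt_approved owner_device",
    # carol's recovery was started from an unknown browser, then she tapped Yes
    "2024-01-10T15:00:00 carol recovery_initiated unknown_browser",
    "2024-01-10T15:01:00 carol recovery_prompt_approved owner_device",
    # dave started a recovery a day earlier; an approval this late is not his flow
    "2024-01-09T08:00:00 dave recovery_initiated owner_device",
    "2024-01-10T08:00:00 dave recovery_prompt_approved owner_device",
]


def suspicious_accounts(lines: List[str]) -> List[str]:
    """Convenience wrapper returning the sorted accounts with unsolicited approvals."""
    return sorted({e.account for e in find_unsolicited_approvals(parse_log(lines))})


if __name__ == "__main__":
    for e in find_unsolicited_approvals(parse_log(SAMPLE_LOG)):
        print(f"{e.ts.isoformat()} {e.account}: recovery prompt approved without owner-initiated recovery")
```

The window length is a tuning choice: too short and a slow but honest owner is flagged, too long and an attacker who keeps the victim on the phone for a while slips through, so pair this check with the source of the initiating request rather than relying on timing alone.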
This attack highlights the importance of following Google’s phishing prevention guidelines. Vigilance and caution are your best defenses.