SCAM ALERT: Google Warns Gmail Users of Rising Phishing Attacks

Google has issued a major security alert to its estimated 2.5 billion Gmail users, urging them to strengthen their account protections after a surge in phishing scams linked to the hacker group ShinyHunters.

What Happened

In June, ShinyHunters infiltrated a Salesforce database used by Google to manage business contacts for small and medium-sized companies. While Gmail passwords and financial details were not compromised, attackers gained access to information such as contact names, company details, and email metadata. That data is now being used to launch targeted phishing campaigns.

Scam Tactics on the Rise

Using information that appears legitimate, scammers have escalated both phishing and “vishing” (voice phishing) efforts. Some calls are spoofing Google’s 650 area code to appear authentic. Others are sending deceptive sign-in pages designed to steal passwords and two-factor authentication codes.

Google’s own research shows phishing and vishing account for nearly 40 percent of all Gmail account takeovers.

Google’s Response

Google has been urging users to update their passwords and enable extra security protections. The company has also emphasized that Gmail’s core systems remain secure, but warns that scammers are growing more sophisticated.

Steps Users Should Take

Google recommends the following actions to protect your account:

• Change your Gmail password and ensure it is strong and unique.

• Enable two-factor authentication (2FA) using an authenticator app or physical security key instead of text messages.

• Consider switching to passkeys, which use device-based biometrics and are more resistant to phishing.

• Run a Google Security Checkup and enroll in the Advanced Protection Program if you are a high-risk user.

• Be skeptical of unsolicited calls or messages. Google will never call you about account problems or ask for your credentials.

Why It Matters

ShinyHunters is a well-known hacker group with a history of major data breaches involving international companies. Their latest campaign shows how cybercriminals can use even limited information to make scams more convincing.

Bottom Line: While Gmail itself has not been breached, Google is warning users to act now. Change your password, enable stronger protections, and stay alert to suspicious emails or calls.