A recent security breach at Google has triggered a global scam alert, with cybersecurity experts issuing a warning to the more than 2.5 billion Gmail and Google Cloud users. While Google confirms the breach was limited to a corporate database and did not expose consumer passwords or sensitive data, scammers are capitalizing on the news to launch sophisticated phishing and “vishing” (voice phishing) attacks.
The most prevalent new scam involves phone calls originating from a 650 area code, which is associated with Google’s headquarters in Mountain View, California. Scammers are spoofing these numbers to appear legitimate, posing as Google security or support agents. They contact victims to “warn” them of a security breach and then pressure them to “verify” their account details or reset their password over the phone.
The trap is simple yet effective. The caller asks the user to provide a password or a two-factor authentication (2FA) code, which they then use to hijack the account. Once they have control, they can lock the rightful owner out, gaining access to personal emails, photos, files, and other sensitive information stored across Google’s services.
Google has clarified that it will never contact users by phone to ask for passwords, 2FA codes, or any other personal information. The company handles security alerts through official channels like emails, in-app notifications, and the Google Security Checkup tool.
To protect yourself, remember these key points:
- Never give out personal information over the phone to an unsolicited caller, regardless of their supposed affiliation.
- Be skeptical of any calls that create a sense of urgency or threat.
- Activate two-factor authentication (2FA) on your account. This is the single most effective way to prevent unauthorized access.
- Use the Google Security Checkup tool to review your account’s security status and make sure all settings are secure.
- Use strong, unique passwords for all your online accounts.
The breach underscores how cybercriminals can weaponize even limited information to create believable scams. Staying vigilant and informed is the best defense against these evolving threats. If you receive a suspicious call, hang up immediately and report the number to the authorities.
