Google has issued a new security alert for Gmail users after discovering a serious phishing attack. This attack uses tricks and system weaknesses to fool people into giving away their login details. Google is now urging users to stop using passwords and switch to safer login methods.
Ethereum Developer Targeted in Clever Phishing Scam
The alert gained attention after Nick Johnson, an Ethereum developer, shared his experience. He received a very realistic email from no-reply@google.com that looked like a real legal warning from Google. It passed all checks and appeared to be safe inside Gmail.
However, the email was part of a phishing trick. It copied an official-looking message and was forwarded to others with the correct Google signature, making it hard to detect. Its goal was to lead users to a fake login page to steal passwords.
Google Acknowledges the Attack
Google has confirmed the issue. A spokesperson said, “We’re aware of this type of attack and are working to block it. New protections are already being rolled out and will soon be active for all users.”
While Google is fixing the issue, they strongly recommend using two-factor authentication (2FA) and passkeys instead of regular passwords. These security features give better protection against phishing.
Why Passwords Are No Longer Safe
Even if you use two-factor authentication (especially through SMS), your account could still be at risk. Hackers can now easily steal passwords and even your SMS codes. If they get both, they can log in using their own devices.
The solution? Stop using passwords altogether. Google advises users to switch to passkeys, which are safer and work only on your personal devices.
What Are Passkeys and Why Are They Safer?
A passkey links directly to your device, like your phone or computer. To log in, you need to unlock that device with your fingerprint, face scan, or PIN. Without your device, no one can access your account — even if they know your password.
Unlike passwords, passkeys can’t be copied and can’t be reused on fake websites. This stops phishing attacks before they even begin.
Cyberattacks Are Becoming Smarter with AI
Google’s warning comes as AI tools make it easier for hackers to launch targeted attacks. These tools can create realistic fake emails and websites that trick even smart users.
Microsoft has also warned that AI is helping cybercriminals automate attacks faster and cheaper than ever before. That means everyone needs to be more careful with how they secure their online accounts.
Update Your Gmail Security Now
If you use Gmail, here’s what you should do now:
- Stop using passwords to log in.
- Set up passkeys on your phone or device.
- Avoid clicking links in emails unless you are 100% sure they are real.
- Use two-factor authentication (preferably with an app, not SMS).
- Stay alert for strange or official-looking messages asking for logins.
By updating your account security today, you can avoid becoming the next target.
