Is my Gmail account hacked? Google ‘warns’ 3 billion users of security risk; check how to recover phished account

A sophisticated Gmail phishing attack has undermined current security measures using legitimate-appearing emails that supposedly come from Google. Users are being asked to move to passkeys and device authentication. Google has introduced fresh sec...

More than 3 billion Gmail users are potentially at risk from a major phishing campaign that tricks victims by imitating Google’s security alerts. The new attack, which employs OAuth apps and a DomainKeys Identified Mail (DKIM) bypass, has made fake emails appear authentic.

Google confirmed the issue and is deploying updated protections. A spokesperson from the tech giant said that the new safety features will shut down the avenue for abuse once fully in place.

Gmail account hacked? You have seven days to act

According to a Forbes report, if a Gmail account has been compromised and the attacker has changed the password and recovery methods, the legitimate user still has seven days to reverse the changes. Reportedly, recovery can be done via the original recovery phone number or email, if they were previously set up.


Google’s Ross Richendrfer was quoted in the Forbes report stating that users can always enable phishing-resistant technologies like passkeys and security keys. He also urged users to keep their recovery information updated at regular intervals.


Why passkeys are the future

Reportedly, the tech giant has issued a stern warning against relying solely on passwords or SMS-based two-factor authentication. Both systems, the firm said, are now vulnerable to increasingly sophisticated attacks.

Google urged users to adopt passkeys, which are tied to their device and require biometric or PIN verification. It added that passkeys make unauthorised access significantly more difficult.

Gmail attack sparks panic

Google was alarmed when Ethereum developer Nick Johnson received a realistic-looking legal notice from the address ‘no-reply@google.com’. The email had a valid DKIM signature and mimicked an official Google alert.

According to media reports, it turned out that attackers had exploited a loophole. They sent genuine emails to themselves and forwarded them to victims to phish credentials.
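
A defender-side illustration of why the valid signature proved nothing about who relayed the message, added here as an example and not taken from Google or the Forbes report: DKIM signs headers and body but not the SMTP envelope, so a re-sent copy still verifies. The two checks are heuristics, and the function name, sample messages and `.example` addresses are constructed assumptions.

```python
# Added example (not from the article): triage heuristics for a replayed,
# still-DKIM-valid message. All sample messages below are constructed.
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

def replay_indicators(raw, delivered_to):
    """Return reasons a DKIM-passing message looks re-sent by a third party."""
    msg = message_from_string(raw)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    m = re.search(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", auth, re.I)
    if not m:
        return []  # no passing signature, so nothing was replayed
    signer = m.group(1).lower()
    reasons = []
    # The signature covers To:/Cc: but not the envelope recipient, so the
    # signed headers can name someone other than the mailbox that received it.
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", [])
    named = {addr.lower() for _, addr in getaddresses(hdrs)}
    if delivered_to.lower() not in named:
        reasons.append("recipient not in signed To/Cc")
    # A relayed copy carries the relay's envelope sender, not the signer's.
    bounce = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if bounce and bounce != signer and not bounce.endswith("." + signer):
        reasons.append(f"Return-Path domain {bounce} not aligned with d={signer}")
    return reasons

# Constructed sample: a signed alert re-sent through a third-party relay.
REPLAYED = """\
Return-Path: <bounce@relay.example>
Authentication-Results: mx.example.net; dkim=pass header.d=google.com; spf=pass smtp.mailfrom=relay.example
From: Google <no-reply@google.com>
To: me@sender-controlled.example
Subject: Security alert

(body)
"""
# Constructed sample: the same kind of alert delivered directly.
DIRECT = """\
Return-Path: <bounces@bounces.google.com>
Authentication-Results: mx.example.net; dkim=pass header.d=google.com; spf=pass smtp.mailfrom=bounces.google.com
From: Google <no-reply@google.com>
To: user@example.net
Subject: Security alert

(body)
"""
```

Legitimate forwarding and mailing lists can trip both checks, so the result is a triage signal for closer inspection and not a verdict.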

Premium users can access live human support

As per the reports, users who are subscribed to Google One’s premium service can access live human support. This includes call-backs and chat options for account recovery. Human support could significantly speed up regaining access following a cyberattack.

Quick tips to secure your Gmail account

  1. Use a passkey associated with your device
  2. Use either Google Authenticator or Google Prompts instead of SMS
  3. Add and routinely update your recovery phone number and email
  4. Avoid clicking any links in unexpected emails about security alerts
  5. Google will never contact users directly about account security

FAQs


Q: What can I do if someone hacks into my Gmail account?
You need to respond as soon as possible. Utilize your recovery phone number or email—if not yet modified by the attacker—to begin account recovery within seven days.

Q: How do passkeys enhance Gmail security?
Passkeys are tied to your own device and need biometric or PIN authentication. Unlike passwords, they are not easy to phish or reuse, so they are significantly more secure.