Google impersonation scams are becoming increasingly sophisticated, using a combination of emails and phone calls to trick victims into giving out security codes meant to protect their accounts from hackers. The scam begins by triggering security alert emails to a Google user, warning them that someone is trying to access their account from an unrecognized device or location. Scammers do this by attempting to log into the Google account multiple times using the victim’s email address and either a real or incorrect password.
Google automatically recognizes when someone is trying to access an account from a different location or device, usually blocking the login attempt and sending an alert to check if it was really the account owner. Shortly after the emails, the victim receives a phone call from fraudsters claiming to be from Google’s “security team”. They ask if the victim has received the email warnings and explain that their account is being hacked.
The scammers then request an account reset from Google using the victim’s email address, triggering a security code to be sent to their phone or backup email. The scammers claim the victim needs to tell them the code to confirm their identity and secure the account. If the victim gives the code to the scammers, they use it to gain access to the account, lock the victim out, and end the call.
Fraudsters usually already have the victim’s email address and phone number, and sometimes even their password, possibly from a previous phishing email or an online data breach. They seek access to personal information such as payment details, emails, and contact lists. This information can be used to carry out further scams more convincingly, possibly emailing the victim’s contacts and asking them for money or making unauthorized money transfers.
If your Google account has been accessed by scammers, try using the Google Account Recovery tool to regain control. The tool can be used if your password or other login details have been changed by scammers.
Sophisticated Google impersonation scam exposed
Use a device such as a computer or mobile that you usually use to log into your Google account. If scammers have stolen money from you or used your account to scam someone else, report it to your payment provider. You should also report the scam to Action Fraud or the police.
To protect yourself from this scam:
1. Never give security codes or passwords for your Google account to anyone. 2.
Set up two-factor authentication on all your important accounts or use an authenticator app. 3. Check the email address of any security alert emails you receive out of the blue from Google.
Most will be sent from [email protected]. 4. Be cautious if you receive an email from Google about your account to a different email account, such as Hotmail or Yahoo, as it’s almost certainly fake.
Google typically only sends account security alerts through its own Gmail platform. Stay vigilant and protect your accounts by following these steps to avoid becoming a victim of this sophisticated scam.