299/68 Wednesday, August 20, 2025

Cybercriminals are using a new tactic: impersonating Google Support in emails or phone calls that claim “someone is trying to hack your account” and urge users to reset their password immediately. Victims then receive a separate account reset email. When the user logs in and shares a verification code, the attackers quickly use that short window to take full control of the account. One victim reported receiving a call from a U.S. number claiming to be a Google representative, but when the victim called back, no one answered, confirming it was a complete impersonation.
This incident was reported by Forbes and closely resembles other schemes where scammers impersonate major tech companies to gain trust. Recently, the U.S. Federal Trade Commission (FTC) also warned Amazon customers about fake refund emails that link to phishing pages designed to steal personal information. These scams raise doubts among users about whether they can trust security alerts from legitimate tech providers.
Both Google and Amazon have issued guidelines to help users stay protected. Google clarified that it will never send direct login links and that legitimate alerts will only appear under the “Recent Security Activity” section of a user’s account. Amazon also provides documentation on how to spot phishing emails. Security experts advise: “Google will never make unexpected phone calls, and you should never share your passwords or verification codes with anyone—unless you explicitly requested them yourself.”
Source: https://www.malwarebytes.com/blog/news/2025/08/how-to-spot-the-latest-fake-gmail-security-alerts