06-07-2025
Urgent Gmail account alert with users urged not to ignore 6 important new rules
Our community members are treated to special offers, promotions and adverts from us and our partners. You can check out at any time. More info
There's a new security warning for email users, with Google and Gmail accounts now under threat. These platforms are among the most secure globally, offering advanced spam filtering and safer login methods through multi-factor authentication.
Despite these features safeguarding most users, it's crucial not to let your guard down. It has been confirmed that Russian hackers have recently discovered a way to circumvent some of Google's security measures, leaving some accounts vulnerable to attack, reports the Mirror.
This latest risk was identified by security researchers at Google Threat Intelligence Group. It has since been confirmed that targeted attacks have already occurred, making this warning vital to heed.
As many people know, Google accounts are highly secure, requiring users to use multiple methods to access services like Gmail. This includes the crucial two-factor authentication, which sends a message to a secondary device when trying to access accounts - without this code, there's no way to log in.
However, it appears that Russian cyber criminals have found a way to target older phones and other devices that can't handle this additional verification step. Google provides another security method called app passwords, which are unique 16-digit codes designed to keep less modern devices safe.
Experts are raising the alarm over app passwords, which bypass two-factor authentication, making them more susceptible to hacking or phishing. Malwarebytes specialists have reported that scammers employed this tactic to go after notable academics and critics of Russia.
"The attackers initially made contact by posing as a State Department representative, inviting the target to a consultation in the setting of a private online conversation," Malwarebytes said. "While the target believes they are creating and sharing an app password to access a State Department platform in a secure way, they are actually giving the attacker full access to their Google account."
Despite the precision of this attack, it doesn't rule out the possibility of the general public being targeted next, as hackers continually seek new methods to pilfer personal information. Malwarebytes added: "Now that this bypass is known, we can expect more social engineering attacks leveraging app-specific passwords in the future."
For those worried about falling prey to such attacks, the security experts at Malwarebytes have shared tips on how to protect your account. Here's a rundown of 6 fresh guidelines everyone should adhere to:
• Deploy app passwords only when they're absolutely essential. If you can switch to apps and devices that offer more robust sign-in options, do so without delay.
• The recommendation to utilise MFA remains robust, however, it's important to note that not all MFA is of the same quality. Authenticator apps (like Google Authenticator) or hardware security keys (FIDO2/WebAuthn) are more resilient to attacks compared to SMS-based codes, let alone app passwords.
• Regularly educate yourself and others on how to identify phishing attempts. Attackers often circumvent MFA by duping users into disclosing credentials or app passwords through phishing.
• Frequently update your operating system and the apps you use to fix vulnerabilities that attackers might take advantage of. Enable automatic updates whenever feasible so you don't have to remember to do it yourself.
• Keep a lookout for unusual login attempts or suspicious activity, such as logins from unfamiliar locations or devices. And restrict those logins where possible.
• Employ security software that can block malicious domains and detect scams.
Join our Dublin Live breaking news service on WhatsApp. Click this link to receive your daily dose of Dublin Live content. We also treat our community members to special offers, promotions, and adverts from us and our partners. If you don't like our community, you can check out any time you like. If you're curious, you can read our Privacy Notice .
For all the latest news from Dublin and surrounding areas visit our homepage.
