
Google has issued a critical security warning to its 2.5 billion Gmail users, urging immediate action to protect their accounts from a significant increase in phishing and vishing (voice phishing) attacks. Cybercriminals have been impersonating Google support through phone calls and fake sign-in pages to steal credentials and bypass two-factor authentication. A concerning number of users have been tricked into granting unauthorized access, often resulting in them being locked out of their own email accounts.
The attackers are employing sophisticated tactics, including using phone numbers with the 650 area code and exploiting outdated Google Cloud access points through methods like the "dangling bucket" technique. These attacks pose a threat to both personal and enterprise accounts. Google emphasizes that it never contacts users by phone regarding security breaches.
To safeguard their accounts, users are advised to implement several security measures. Activating two-step verification and transitioning to passkeys are strongly recommended. Additionally, users should remain vigilant against phishing attempts and avoid sharing sensitive information over unsolicited calls or emails. Google's Security Checkup and Advanced Protection Program offer additional layers of defense.
In response to this surge in attacks, Google is enhancing its security infrastructure. The company is working to block these threats and has urged users to report any suspicious activity. By staying informed and proactive, users can significantly reduce the risk of falling victim to these malicious schemes.
As cyber threats continue to evolve, it is crucial for Gmail users to remain vigilant and adopt recommended security practices. Regularly updating passwords, enabling two-factor authentication, and being cautious of unsolicited communications are essential steps in maintaining account security. Google's ongoing efforts aim to provide a safer email experience for all users.