Update, October 26, 2024: This story, originally published on October 25, includes additional practical email security tips on how to keep your Gmail account safe from hackers using Google’s security check feature.
Losing access to your email account is a scary thing to experience if, like many of us, it’s part of your online work and pleasure ecosystem. Google says it has more than 2.5 billion Gmail accounts, so it’s no surprise that threat actors treat accessing them as a priority, regardless of the final payload of the attack campaign. When faced with an email security emergency, the first thing on many people’s minds is to ask for help, and that’s where 10-second account hackers find their prey. Here’s what you need to know about this predatory attack methodology and how to avoid their attention if you get locked out of your Gmail account.
The email security warning all Gmail users should be aware of
You only need to visit the official Gmail online support community provided by Google itself to understand the multitude of ways users seem to find to lose access to their email accounts: everything from forgetting a password, or even the username used as part of your login credentials, to issues with two-factor authentication, not being able to reset a password using the account recovery process, someone else logging in and locking them out, and so on. The good news is that the official support forum, as well as places like the Gmail subreddit, are populated by genuinely knowledgeable and generally helpful souls who aren’t out to do you any harm. The bad news is that many people, when faced with an email security issue like this, go straight into panic mode, and that means screaming for help on social media. This is where the trouble really begins.
I don’t know how to say this more clearly: don’t ask for help logging into your Gmail account, or any account for that matter, on X, Facebook, Instagram, or any social media platform. Searching Google for official online help guides only takes a few seconds, about the time it takes predatory hacker bots to pounce if you ask for help on X. I’m using X, formerly known as Twitter, as an example here as it remains the social media platform I use the most. Feel free to follow me on X for more email security tips.
The 10 Second Email Security Hack Threat
The threat to email security posed by an army, and I use that word advisedly, of bots on X is not only real, it is also predatory and very dangerous indeed, as it strikes when the victim is most vulnerable. Let me explain with a little experiment I did this morning. I just posted the following tweet on X:
It took less than 10 seconds for the email security bots to engage and less than five minutes for the floodgates to be well and truly opened. While many of them ended up in the “including those that may contain offensive content” category that you have to click to display, others were not filtered and appeared directly in the thread. Most follow the same template response: “Same thing happened to me/my friend/someone I know — contact someone@someone and they’ll help get your account back.”
A number of these bots, all using what at first glance appear to be real X user accounts, will point to the same user who can supposedly help. The truth of the matter is that none of them, absolutely zero, will help you. Quite the opposite: they’ll use the situation either to relieve you of money for doing nothing to restore your account (they couldn’t do it without using the official account recovery process anyway) or, even worse, to exploit your email security anxiety to get you to hand over your account credentials and take over your entire Google account, Gmail access and all.
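The pattern described above (many apparently unrelated accounts replying within minutes, all recycling the same template and all steering the victim to one contact) is something you can spot mechanically. The following is an added example, not code from the original article or from X: a small triage script that scores replies against the template phrases quoted above and clusters them by the handle or address they recommend. The sample replies, author names, handles and the `min_fan_in` threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample replies modelled on the template the article quotes.
# None of these are real X posts, accounts or handles.
SAMPLE_REPLIES = [
    {"author": "acct_a", "text": "Same thing happened to me, contact @recover_helper_x they got my account back"},
    {"author": "acct_b", "text": "Happened to my friend too!! DM recover_helper_x@example.com he will help you"},
    {"author": "acct_c", "text": "Someone I know had this, contact @recover_helper_x, fast and legit"},
    {"author": "acct_d", "text": "Same thing happened to me last week. @recover_helper_x helped me recover"},
    {"author": "real_friend", "text": "Ugh, sorry. Use Google's official account recovery page and don't reply to the bots."},
    {"author": "acct_e", "text": "contact @another_fixer on instagram, they helped me"},
]

# Phrases lifted from the template response quoted in the article, as regexes
# run over the lower-cased reply text.
TEMPLATE_PHRASES = [
    r"same thing happened to (me|my friend)",
    r"happened to (my friend|someone i know)",
    r"\b(contact|dm|message|reach out to)\b",
    r"(he|she|they)('ll| will) help",
    r"(got|get) (my|your) account back",
]

# Either an @handle (not preceded by a word character, so the local part of an
# e-mail address is not mistaken for a handle) or a full e-mail address.
HANDLE_RE = re.compile(
    r"(?<![\w.])@([A-Za-z0-9_]{3,})\b|([A-Za-z0-9_.+-]+@[A-Za-z0-9.-]+\.[a-z]{2,})",
    re.I,
)


def extract_contact(text):
    """Return the normalised handle (or e-mail local part) a reply tells the
    victim to contact, or None if the reply names nobody."""
    m = HANDLE_RE.search(text)
    if not m:
        return None
    if m.group(1):
        return m.group(1).lower()
    return m.group(2).split("@")[0].lower()


def template_hits(text):
    """List the template phrases present in a reply."""
    low = text.lower()
    return [p for p in TEMPLATE_PHRASES if re.search(p, low)]


def triage(replies, min_fan_in=3):
    """Score each reply and cluster replies by the contact they recommend.

    A contact recommended by at least `min_fan_in` distinct authors is treated
    as a campaign: every reply pointing at it is 'likely scam'. A reply that
    names a contact and uses two or more template phrases is also 'likely scam';
    one template phrase plus a contact is 'suspicious'; anything else is 'ok'.
    Returns (per_reply_results, suspicious_contacts).
    """
    authors_by_contact = defaultdict(set)
    scored = []
    for r in replies:
        contact = extract_contact(r["text"])
        hits = template_hits(r["text"])
        if contact:
            authors_by_contact[contact].add(r["author"])
        scored.append({"author": r["author"], "contact": contact, "hits": len(hits)})

    suspicious = {c for c, authors in authors_by_contact.items() if len(authors) >= min_fan_in}

    for s in scored:
        if s["contact"] and (s["contact"] in suspicious or s["hits"] >= 2):
            s["verdict"] = "likely scam"
        elif s["contact"] and s["hits"] >= 1:
            s["verdict"] = "suspicious"
        else:
            s["verdict"] = "ok"
    return scored, suspicious


if __name__ == "__main__":
    results, campaigns = triage(SAMPLE_REPLIES)
    print("contacts recommended by many accounts:", sorted(campaigns))
    for r in results:
        print(f"{r['author']:12} contact={r['contact']!s:18} hits={r['hits']} -> {r['verdict']}")
```

The fan-in check is the part worth keeping: a single reply can be hard to judge, but four accounts recommending the same handle inside five minutes is the signature of the bot flood the article describes, and the genuinely helpful reply, which names no contact at all, falls straight through as “ok”.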
What to do if you are blocked from your Gmail account
The first thing to do in any kind of email security incident, from accidentally deleting your inbox to a forgotten login password to seemingly being locked out of your entire account, is to step back, take a breath, and count to ten. If that sounds patronizing, that’s not my intention: clearing your head and not making any hasty decisions is the single best advice I can offer.
I have published a summary of tips on what to do if Gmail hackers have control of your 2FA account, email or mobile number, and I recommend reading it as the guidance within applies to multiple email security incident scenarios. You can also go directly to Google itself, using your favorite web browser and typing the address yourself instead of clicking a link in an email or text message, to be on the safe side. If you’re reading this because you’ve been locked out of your account, it’s safe to click this link for help.
So to summarize:
Don’t ask for help on any social media platform.
Don’t reply to any of the bots that respond if you ignore that sage advice.
Check the official Google support forums and the Gmail help subreddit.
Use Google’s email security checklist to make sure you have recovery processes in place before you need to use them.
Take control of your Google account to keep on top of your email security
Google’s security check feature is one of those things that is either overlooked or completely out of sight for many users. Sure, Google prompts users to run it from time to time, but in my never-humble opinion, doing so should be a mandatory exercise for all users at least once a year. Although I often caution that security measures shouldn’t get in the way of usability, some are simply necessary: two-factor authentication, signing out of an account after a certain period of inactivity, and checking for updated security settings. The first of these, 2FA, is the only one that can routinely disrupt the flow of your online activity, and it will kick in whenever the second is enabled, but the third is really a no-brainer. So what does it mean to perform a security check on Google?
Just head over to the Google Security Checkup page and the process starts as soon as the tool loads, putting all the information on screen so you can act accordingly. The iconography next to each area of the checkup screen indicates how urgently you should review its recommendations. In the case of the account used as an example here, the first two should be looked at. Clicking the drop-down arrow next to each opens the corresponding information.
The first, regarding email forwarding, should be considered essential, as forwarding is a key method used by someone who has gained unauthorized access to your account but doesn’t want you to know about it. A stalker, for example, can send a copy of all your emails, in the background and without your knowledge, to an address they can monitor. If you haven’t set up any forwarding yourself, any address in the displayed list is a massive red flag, and so is any forwarding address you don’t recognize. Removing them is just a matter of clicking a button. This feature also displays, under the “more settings” tab, any reply-to addresses, any addresses shown as “from” on mail you send, and any email addresses that have been blocked.
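The forwarding review above is a manual check in the Security Checkup UI. For anyone who wants to run the same check against a list of accounts, the following is an added example (not code from the original article, and not Google’s own tooling) of the logic: compare every forwarding destination and every forwarding filter against an allow-list of addresses you know you set up, and escalate filters that also archive or trash the message, since that is exactly how a copy leaves the account “in the background and without your knowledge”. The two input dictionaries are constructed samples shaped like the responses of the Gmail API `users.settings.forwardingAddresses.list` and `users.settings.filters.list` endpoints; the addresses, filter ids and label ids are made up, and fetching the real data (and the OAuth scopes that requires) is left out.

```python
# Constructed sample data in the shape returned by the Gmail API endpoints
# users.settings.forwardingAddresses.list and users.settings.filters.list.
# These values are invented for the example; they are not from a real account.
FORWARDING_ADDRESSES = {
    "forwardingAddresses": [
        {"forwardingEmail": "me@work.example", "verificationStatus": "accepted"},
        {"forwardingEmail": "archive-7731@mail-collector.example", "verificationStatus": "accepted"},
    ]
}

FILTERS = {
    "filter": [
        # Harmless: labels a newsletter.
        {"id": "f1", "criteria": {"from": "newsletter@shop.example"},
         "action": {"addLabelIds": ["Label_1"]}},
        # Hostile pattern: forwards everything and removes it from the inbox so
        # the owner never sees the forwarded copy.
        {"id": "f2", "criteria": {"query": "in:anywhere"},
         "action": {"forward": "archive-7731@mail-collector.example", "removeLabelIds": ["INBOX"]}},
    ]
}

# Addresses the account owner knows they configured (constructed).
KNOWN_GOOD = {"me@work.example"}


def audit_forwarding(forwarding, filters, known_good):
    """Return a list of findings for forwarding destinations and forwarding
    filters that are not on the owner's allow-list.

    Severity: an unknown forwarding address is 'high'; a filter forwarding to an
    unknown address is 'high', or 'critical' if it also hides the message
    (removes INBOX or adds TRASH). A filter forwarding to a known address is
    'info', or 'medium' if it hides the message, because even a legitimate
    destination combined with hiding deserves a second look.
    """
    known = {a.lower() for a in known_good}
    findings = []

    for fa in forwarding.get("forwardingAddresses", []):
        addr = fa.get("forwardingEmail", "").lower()
        if addr and addr not in known:
            findings.append({
                "kind": "forwarding_address",
                "address": addr,
                "severity": "high",
                "detail": f"verificationStatus={fa.get('verificationStatus')}",
            })

    for f in filters.get("filter", []):
        action = f.get("action", {})
        dest = action.get("forward")
        if not dest:
            continue  # only filters that forward mail are of interest here
        dest = dest.lower()
        hides = ("INBOX" in action.get("removeLabelIds", [])
                 or "TRASH" in action.get("addLabelIds", []))
        if dest in known:
            severity = "medium" if hides else "info"
        else:
            severity = "critical" if hides else "high"
        findings.append({
            "kind": "filter",
            "filter_id": f.get("id"),
            "address": dest,
            "severity": severity,
            "detail": f"criteria={f.get('criteria')} hides_from_owner={hides}",
        })

    return findings


if __name__ == "__main__":
    for finding in audit_forwarding(FORWARDING_ADDRESSES, FILTERS, KNOWN_GOOD):
        print(f"[{finding['severity']:8}] {finding['kind']:18} {finding['address']}  {finding['detail']}")
```

Run against the constructed sample, the unknown forwarding address is flagged as high and filter `f2` as critical, while the newsletter filter and the owner’s own work address produce nothing. The allow-list is the only state you have to maintain; everything else comes from the account’s current settings.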
Equally important, the “devices” section shows all the devices that are registered to your account, including details such as last active date and location. If you don’t recognize any of these, that is again a massive red flag, as it could be someone hacking your account. Again, it’s just a one-click option to remove any of the devices that appear. Don’t worry if you make a mistake and remove a device you should have kept: the next time you try to connect using it, you will be asked to verify your identity and sign in again, including any 2FA step.