Google Issues Warning Of Second Cyberattack Wave Targeting 2.5 Billion Gmail Users

Google has alerted its 2.5 billion Gmail users to an impending second wave of cyber threats this holiday season, urging vigilance against phishing and malware attacks. Google warns that attackers are persistent and typically intensify their efforts during this period.

Since mid-November, Google has observed a “massive surge” in email traffic, increasing the challenge of maintaining inbox security. Despite these threats, Google noted a 35% drop in phishing attacks compared to last year’s holiday season.

However, Gmail remains a prime target due to its vast user base, prompting Google to invest heavily in security measures that block over 99.9% of spam, phishing, and malware.

Google’s recent blog post highlighted significant improvements in security, with Gmail users reporting one-third fewer scams during the first holiday month than in 2023. Google’s systems blocked millions of additional harmful messages before they reached users’ inboxes.

While Gmail’s robust systems block the majority of threats, scammers are adapting their tactics, making user awareness critical. Google warns that this season has seen a surge in three types of scams. Specifically, invoice scams involve fake billing emails designed to provoke disputes, during which scammers manipulate victims into making payments.

Celebrity scams exploit the names of famous individuals, either by impersonating them or falsely claiming endorsements for products, tricking users with “too good to be true” promises. Extortion scams take a more menacing approach, using personal details such as home addresses to issue threats of harm or exposure unless demands are met.

Additionally, Check Point researchers recently revealed that cybercriminals are now exploiting Google Calendar and Google Drawings for phishing attacks. Imitations of calendar invitations redirect users to malicious links designed to steal sensitive information.

Meanwhile, Forbes reported a rise in AI-driven phishing scams. Attackers use AI to mimic Google support, creating hyper-realistic calls and emails that deceive even experienced users.

In one case, a scammer combined fake recovery notifications, a spoofed Google phone number, and an AI-generated call to trick a Microsoft consultant. Another incident involved a phishing attempt exploiting a false claim about a family member’s death to approve fraudulent account recovery.

To stay secure, Google advises users to slow down and carefully evaluate emails, especially those that create urgency or fear. Verifying the authenticity of messages and senders is essential, as is refusing to share sensitive information or make payments under pressure.