10 seconds is all it takes these Gmail hackers to start their attack
Update, Oct. 26, 2024: This story, originally published Oct. 25, includes additional practical email security tips on how to keep your Gmail account safe from hackers using Google’s security checkup feature.
Losing access to your email account is a frightening thing to experience if, like many of us, it’s part of our online work and pleasure ecosystem. Google says there are more than 2.5 billion Gmail accounts, so it’s not surprising that threat actors treat getting access to them as a priority, regardless of the ultimate attack campaign payload. When faced with an email security emergency, the first thing on the mind of many is to ask for help, and that’s where the 10-second account hackers find their prey. Here’s what you need to know about this predatory attack methodology and how to swerve their attention if locked out of your Gmail account.
The Email Security Alert All Gmail Users Need To Be Aware Of
You only have to visit the official online Gmail support community provided by Google itself to understand the myriad ways that users seem able to find to lose access to their email accounts. Everything from forgetting a password or even the username used as part of the login credentials, having issues with two-factor authentication, an inability to reset a password using the account recovery process, someone else logging in and locking them out, and so on. The good news is that the official support forum, as well as places like the Gmail subreddit, are populated by genuinely knowledgeable and helpful souls, on the whole, who aren’t there to cause you harm. The bad news being that many folk, when faced with an email security issue such as this, go straight into panic mode and that means shouting for help on social media. hich is where the trouble really starts.
I don’t know how to say this any clearer: do not ask for help accessing your Gmail account, or any account for that matter, on X, Facebook, Instagram, or any social media platform. Searching Google for the official online help guides takes just a few seconds., about as long as it takes the predatory hacker bots to strike if you ask for help on X. I’m using X, formerly known as Twitter, as the example here as it remains the social media platform I use the most. Feel free to follow me on X for more advice on email security.
The 10-Second Email Security Hacking Threat
The threat to email security that is posed by an army, and I use that phrase learnedly, of bots on X is not only real, it’s also predatory and very dangerous indeed as it strikes when the victim is at their most vulnerable. Let me explain by way of a little experiment I carried out this very morning. I simply posted the following tweet to X:
A typical help me tweet
It took less than 10 seconds for the email security bots to engage and less than five minutes for the floodgates to have been well and truly opened. While many of these ended up in the “including those that may contain offensive content” category that you have to click through to show, others were ignored and displayed in the thread. Most follow the same template response: The same thing happened to me/my friend/someone I know — contact someone@somewhere and they will help get your account back.”
A number of these bots, all using what appear at first glance to be genuine X user accounts, will point to the same user who can help. The truth of the matter is that none, absolutely zero, of them will help you. Quite the opposite, they will use the situation to either relieve you of money for doing nothing to get your account reinstated (they couldn’t do it without using the official account recovery process anyway) or, worse still, exploit your email security anxiety to get you to hand over your account credentials and really take over your entire Google account, access to Gmail and all.
What To Do If You Get Locked Out Of Your Gmail Account
The first thing to do in any type of email security incident, from accidental inbox deletion through forgotten access password to being seemingly locked out of your entire account, is to step back, take a breath and count to ten. If that sounds patronizing, that is not my intent: clearing your head and not making any knee-jerk decisions is the single best bit of advice I can offer.
I have published a round-up of advice for what to do if Gmail hackers have control of your account 2FA, email or cell number, and recommend reading it as the support offered within applies across multiple email security incident scenarios. You can also jump directly to Google itself, using your favored web browser and entering the details yourself rather than clicking a link in an email or text message to be on the safe side. If you are reading this because you have been locked out of your account, it’s safe to click this link for help.
So, to recap:
Don’t ask for help on any social media platform.
Don’t respond to any bots that reply if you ignore that sage advice.
Do check the official Google support forums and Gmail help subreddit.
Do use Google’s email security checklist to ensure you have recovery processes in place ahead of needing to use them.
Take The Google Checkup To Keep On Top Of Your Email Security
Google’s security checkup feature is one of those things that is either overlooked or totally out of sight for many users. Sure, Google might prompt users to take it every now and then, but in my never humble opinion, doing so should be a mandatory exercise for all users at least once a year. Although I often warn against letting security measures get in the way of usability, some are just plain necessary: two-factor authentication, getting logged out of an account after a set period of inactivity, and checking your security settings are up to date. The first of these, 2FA, is the only one that might be a common interruption to your online activity flow and will kick in when the second is activated, but the third really is a no-brainer. So, what does taking the Google security checkup entail?
Take the Google Security Checkup ASAP
Simply head to the Google Security Checkup page, and the process will start as the tool is loading so as to have all the information readily on display for you to act upon accordingly. The iconography alongside each area of the checkup display indicates the urgency of the user’s consideration of the recommendations. In the case of the account being used as an example here, the top two need to be looked at. Clicking the dropdown arrow alongside each one will open up the relevant information.The iconography alongside each area of the checkup display indicates the urgency of the user’s consideration of the recommendations. In the case of the account being used as an example here, the top two need to be looked at. Clicking the dropdown arrow alongside each one will open up the relevant information.
The first, regarding email forwarding, should be considered essential as this is a prime methodology used by someone who has gained illicit access to your account but doesn’t want you to know about it. A stalker, for example, can have a copy of all your emails forwarded, in the background and without you knowing, to an address that they can monitor. If you don’t have any forwarding configured, then this is a massive red flag; ditto if you don’t recognize any forwarding address in the displayed list. Removing them is simply a matter of clicking a button. This feature also displays, under the “more settings” tab, any addresses used as a destination for people who reply, addresses shown as the “from” when sent, and those emails which have been blocked.
Of equal importance, the “devices” section shows all the devices that have logged into your account, including details such as the last active date and the location. If you don’t recognize any of these, again a massive red flag as this could be someone who has hacked your account. Again, it’s just a one-click option to remove any of the devices that are shown. Don’t worry if you make a mistake and remove a device you should have kept, it will ask you to verify your identity, login again including any 2FA option, the next time you try and connect using it.
