
Google issues a warning to billions of Gmail users over a dangerous new scam.
The tech giant has alerted Gmail users that a notorious hacker group is actively targeting account holders after gaining access to a massive database through a third-party breach.
The attacks originated from a security incident involving Salesforce's cloud platform, which exposed users of Google services to follow-up intrusions.
With approximately 2.5 billion people using Gmail and Google Cloud services, the tech giant is urging users to remain vigilant for suspicious activity and enforce stronger security measures.
What is the threat?
Google's Threat Intelligence Group first identified these attacks in June, revealing that cybercriminals were targeting victims through social engineering tactics. One common example was impersonating IT support staff over the phone.

By August, the Alphabet-owned company confirmed multiple 'successful intrusions' had occurred as a result of compromised passwords.
While the initially stolen data consisted of 'basic and largely publicly available business information,' hackers are using it as a basis for more serious breaches.
“We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” a blog post by Google Threat Intelligence Group read.
“These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.”
The ShinyHunters group first emerged in 2020, seemingly taking its name from the Pokémon franchise.

They have been linked to several high-profile data breaches affecting major companies including AT&T Wireless, Microsoft, Santander, and Ticketmaster.
Google's Threat Intelligence Group warns that ShinyHunters may be preparing to 'increase pressure' in their follow-up approach, known as UNC6240, which comes months after the initial data theft.
"The extortion involves calls or emails to employees of the victim organization demanding payment in bitcoin within 72 hours," the blog post described.
"We continue to monitor this actor and will provide updates as appropriate."
The method of impersonating IT support personnel via telephone calls has proven 'particularly effective in tricking employees,' according to Google. Victims often work at English-speaking branches of multinational corporations, making them prime targets for these social engineering attacks.
How to stay protected against cyberthreats
Google notified all affected users via email on 8 August and recommended several protective measures.
To stay protected against potential scams, Google advises its users to regularly update passwords across all their accounts and enable two-factor authentication.
And as always, users should remain wary of any unsolicited calls from IT support.