Home / Technology / Gmail Security Scam Steals Google Account Access
Gmail Security Scam Steals Google Account Access
16 Mar
Summary
- A fake Google security tool was discovered stealing sensitive data.
- The malicious site mimics Google's official account security check.
- Attackers intercept two-factor authentication codes and user data.
Cybersecurity experts recently uncovered a sophisticated scam targeting Gmail users. A malicious website meticulously imitates Google's official account security check, luring unsuspecting individuals into a false sense of security. This fake tool prompts users to install what appears to be a legitimate security application.
Once installed as a progressive web app, the site effectively hides its fraudulent nature. The deceptive tool harvests sensitive information, including contacts, GPS location, and clipboard data. Crucially, it can intercept one-time verification codes vital for two-factor authentication, granting attackers unauthorized access.
Attackers disseminate this scam through phishing emails, text messages, and malicious pop-ups, claiming immediate security verification is needed. Users are guided through four steps, each designed to grant cybercriminals deeper access. This includes enabling notifications for direct communication and sharing contacts under the guise of protection.
Further compromising user security, the fake tool requests GPS location access, ostensibly for verification. This allows attackers to collect precise location data. Some versions may also install keylogging software, capturing typed credentials. Google advises users to close unexpected security alert pages and access legitimate tools via myaccount.google.com.
