{"id":23021,"date":"2025-10-16T08:00:03","date_gmt":"2025-10-16T01:00:03","guid":{"rendered":"https:\/\/fpt-is.com\/en\/?post_type=goc_nhin_so&#038;p=23021"},"modified":"2026-01-20T10:29:31","modified_gmt":"2026-01-20T03:29:31","slug":"is-your-gmail-account-hacked-or-a-new-scam-trick","status":"publish","type":"goc_nhin_so","link":"https:\/\/fpt-is.com\/en\/insights\/is-your-gmail-account-hacked-or-a-new-scam-trick\/","title":{"rendered":"Is Your Gmail Account Really Hacked? Or Just a New Scam Trick"},"content":{"rendered":"<h2 id=\"heading-overview\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Overview<\/strong><\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Recently, scammers have been exploiting users&#8217; trust in security alerts from tech companies like Google. They impersonate support teams and use sophisticated tactics to steal login information and take over personal accounts.<\/span><\/p>\n<p><a href=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/10\/h2-1759720236.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-23023\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/10\/h2-1759720236.png\" alt=\"H2 1759720236\" width=\"1024\" height=\"501\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/10\/h2-1759720236.png 1024w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/10\/h2-1759720236-700x342.png 700w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">The most common tactic involves sending a fake email or making a phone call, claiming that your Gmail account is under attack. The perpetrator asks you to reset your password and often sends a separate reset email. 
When you enter your login information on the attacker&#8217;s page and then read out the verification code, they use that window to take over the account.<\/span><\/p>\n<h2 id=\"heading-how-attackers-execute\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>How Attackers Execute<\/strong><\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">First, the attacker sends an email whose display name resembles &#8220;Google Security&#8221; or &#8220;Gmail Alert.&#8221; The message claims that your password is under attack and must be reset immediately.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Example of such a sender address, a Google-looking mailbox name on a free mail provider:\u00a0<code>security-alerts.google@outlook.com<\/code><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Because the email is designed to look realistic, users believe their account really has been compromised. In some cases the email even asks them to call a fake support number.<\/span><\/p>\n<p><a href=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/10\/5af891e6-3f45-43dc-8a32-869745b258a5-1759720235.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-23022\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/10\/5af891e6-3f45-43dc-8a32-869745b258a5-1759720235.png\" alt=\"5af891e6 3f45 43dc 8a32 869745b258a5 1759720235\" width=\"659\" height=\"46\" \/><\/a><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">When users click the link in the email or simply select\u00a0<strong>\u201cReset Password Now,\u201d they are redirected to a fake login page.<\/strong>\u00a0The fake site uses a URL that looks real, such as\u00a0<code>accounts.google.secure-reset.com<\/code>, with an interface copied from Google&#8217;s login page. The registered domain of that address is <code>secure-reset.com<\/code>; &#8220;accounts.google&#8221; is merely a subdomain label the attacker chose, which is why the name reads as genuine at a glance.
The user enters:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Account name (email)<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Current password<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">As soon as the attacker obtains the victim&#8217;s password, they immediately use the stolen credentials to:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Log in to the real Gmail sign-in page.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Trigger Google&#8217;s genuine two-factor authentication (2FA) step, which sends a real verification code or prompt to the victim.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">While the victim is waiting for that 2FA email or text message, the scammer calls pretending to be a &#8220;Google support employee&#8221; and asks them to read out the code that has just arrived on their phone. Because the code genuinely comes from Google, it appears to confirm the caller&#8217;s story, although it was actually triggered by the attacker&#8217;s own login attempt.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">Finally, they use the OTP to complete the attack by:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Completing the login.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Changing the password.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Unlinking the victim&#8217;s devices and changing the recovery email or phone number, so that the victim cannot easily regain access.<\/span><\/li>\n<\/ul>\n<h2 id=\"heading-conclusion\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Conclusion<\/strong><\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">The fake Gmail security alert campaign shows the increasing sophistication of phishing attacks today.
By exploiting fear, using fake emails, visually deceptive login pages, and even fake calls pretending to be Google employees, many users have fallen for the trap\u2014even those who thought they were cautious.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif\">The most important factor is not the technology, but the\u00a0<strong>awareness and security habits<\/strong>\u00a0of each individual. In an increasingly complex digital environment, a single unchecked click can cost you all your data, identity, and privacy.<\/span><\/p>\n<h2 id=\"heading-ioc\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>IOC<\/strong><\/span><\/h2>\n<ol>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Malicious Domains<\/strong><\/span>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">google-verify-login[.]net<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">accounts.google.verify-now[.]com<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">googIe-login[.]com<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">secure-gmail-authentication[.]site<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">mail-gogle[.]com<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">gmail-alert.com-security[.]org<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">gooqle[.]com<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">security.google.reset-password[.]top<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">accounts-login-gmail[.]cloud<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2 id=\"heading-recommendation\" class=\"permalink-heading\"><span
style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Recommendation<\/strong><\/span><\/h2>\n<ol>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Carefully check the sender&#8217;s email address<\/strong><\/span>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Don&#8217;t just look at the display name (e.g., &#8220;Google Security&#8221;).<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Carefully check the\u00a0<strong>actual email address<\/strong>\u00a0behind the name (many cases use\u00a0<code>@outlook.com<\/code>,\u00a0<code>@mail-support.org<\/code>, etc.).<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Genuine Google security alerts are sent from Google-owned domains, typically\u00a0<code>no-reply@accounts.google.com<\/code>. Since the From header itself can be forged, also open the message details (&#8220;Show original&#8221; in Gmail) and confirm that SPF, DKIM and DMARC all show PASS for a Google domain; a PASS for a free mail provider&#8217;s domain only proves that the message came from that provider.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Do not click on suspicious links in emails<\/strong><\/span>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Hover over links to\u00a0<strong>preview the URL<\/strong>\u00a0\u2013 if the hostname is not exactly\u00a0<a href=\"https:\/\/accounts.google.com\/\" target=\"_blank\" rel=\"noopener nofollow\"><code>https:\/\/accounts.google.com<\/code><\/a>, absolutely\u00a0<strong>do not click<\/strong>. A name such as <code>accounts.google.secure-reset.com<\/code> merely contains the word &#8220;google&#8221;; what identifies the site is the part immediately before the top-level domain.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Do not log into your Google account through strange links.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Do not share OTP\/verification codes with anyone<\/strong><\/span>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Google NEVER calls or texts to ask for your verification code.<\/strong><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Never read authentication codes (OTP) over the phone, email, or message.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Enable two-step verification (2FA) using a security app<\/strong><\/span>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Use Google Authenticator, Microsoft Authenticator, or another authentication app instead of SMS alone.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">This reduces the risk of a takeover if someone obtains your password. Note, however, that a code from an app is still a code you can be talked into reading out, so on its own it does not defeat the phone call described above; a hardware security key or a passkey binds the login to the real <code>accounts.google.com<\/code> origin and cannot be relayed to a fake page, which makes it the strongest option.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><strong>Always log in through official addresses<\/strong><\/span>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Access Gmail through:<\/span><br \/>\n<span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/mail.google.com\/\" target=\"_blank\" rel=\"noopener nofollow\"><code>https:\/\/mail.google.com<\/code><\/a><\/span><br \/>\n<span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/accounts.google.com\/\" target=\"_blank\" rel=\"noopener nofollow\"><code>https:\/\/accounts.google.com<\/code><\/a><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Avoid logging in through links sent by third parties.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><strong><span style=\"font-family: arial, helvetica, sans-serif\">Be wary of content with high urgency<\/span><\/strong>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">Phishing emails often have subjects like:<\/span>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><em>&#8220;Unusual sign-in attempt&#8221;<\/em><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\"><em>&#8220;Your account will be disabled in 24h!&#8221;<\/em><\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif\">This is a tactic to\u00a0<strong>scare you into acting
quickly.<\/strong><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2 id=\"heading-reference\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Reference<\/strong><\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif\"><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2025\/08\/how-to-spot-the-latest-fake-gmail-security-alerts\" target=\"_blank\" rel=\"noopener nofollow\">How to spot the latest fake Gmail security alerts | Malwarebytes<\/a><\/span><\/p>\n<table style=\"border-collapse: collapse;width: 100%\">\n<tbody>\n<tr>\n<td style=\"width: 100%\"><strong class=\"custom-cursor-default-hover default_cursor_land\">Exclusive article by FPT IS Technology Experts<\/strong><\/p>\n<p><em>Luu Tuan Anh \u2013 FPT IS Cyber Security Center<\/em><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"author":21,"featured_media":23024,"parent":0,"template":"","nang_luc":[790,821],"danh_muc_goc_nhin_so":[789],"dich_vu":[712],"linh_vuc":[],"platform":[],"san_pham":[],"the_goc_nhin_so":[],"class_list":["post-23021","goc_nhin_so","type-goc_nhin_so","status-publish","has-post-thumbnail","hentry","nang_luc-experts-sharing","nang_luc-security","danh_muc_goc_nhin_so-expert-sharing","dich_vu-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/goc_nhin_so\/23021","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/goc_nhin_so"}],"about":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/types\/goc_nhin_so"}],"author":[{"embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/users\/21"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/media\/23024"}],"wp:attachment":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/media?parent=23021"}],"wp:term":[{"taxonomy":"nang_luc","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/nang_luc?post=23021"},{"t
axonomy":"danh_muc_goc_nhin_so","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/danh_muc_goc_nhin_so?post=23021"},{"taxonomy":"dich_vu","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/dich_vu?post=23021"},{"taxonomy":"linh_vuc","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/linh_vuc?post=23021"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/platform?post=23021"},{"taxonomy":"san_pham","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/san_pham?post=23021"},{"taxonomy":"the_goc_nhin_so","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/the_goc_nhin_so?post=23021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
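The sender, authentication-result and link checks that the article's Recommendation section asks readers to perform by hand, applied to the lookalike-domain pattern from the How Attackers Execute section and the IOC list, as an added Python example. This is editor-added illustration code, not code from the original FPT IS article. The sample email, its Authentication-Results header and its links are constructed for the example; the list of Google domains, the confusable-character table and the one-edit threshold are the example's own assumptions, and the registered-domain logic approximates eTLD+1 with the last two labels rather than consulting the Public Suffix List. It goes slightly beyond the text by folding common homoglyphs (0, 1, q, rn, vv) and using edit distance, so that indicators like googIe-login[.]com, gooqle[.]com and mail-gogle[.]com are caught by the same rule as accounts.google.secure-reset.com.

```python
"""Offline triage of a suspected fake "Google security alert" email (editor-added
example): real sender domain, which domain SPF/DKIM/DMARC passed for, link targets."""
import re
import unicodedata
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

GOOGLE_DOMAINS = {"google.com"}  # assumption: registered domains accepted as "really Google"
BRANDS = ("google", "gmail")
CONFUSABLES = (("0", "o"), ("1", "l"), ("q", "g"), ("rn", "m"), ("vv", "w"))  # g00gle, gooqle, ...
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
DMARC_FROM_RE = re.compile(r"header\.from=([\w.-]+)")


def registered_domain(host):
    # Approximates eTLD+1 as the last two labels (assumption; production code
    # should consult the Public Suffix List so that suffixes like co.uk work).
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_google_host(host):
    # Only the registered domain counts; "accounts.google" as a subdomain label does not.
    return registered_domain(host) in GOOGLE_DOMAINS


def edit_distance(a, b):
    # Levenshtein distance, to catch one-character lookalikes such as gogle or gooqle.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_google(host):
    # True when a non-Google hostname imitates the Google or Gmail brand.
    if is_google_host(host):
        return False
    folded = unicodedata.normalize("NFKC", host).lower()  # googIe -> googie
    for bad, good in CONFUSABLES:
        folded = folded.replace(bad, good)  # g00gle -> google, gooqle -> google
    for token in re.split(r"[.\-_]", folded):
        for brand in BRANDS:
            # Requiring the same first letter avoids flagging plain words like "email".
            if len(token) >= 5 and token[0] == brand[0] and edit_distance(token, brand) <= 1:
                return True
    return False


def sender_verdict(msg):
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    claims_google = any(b in name.lower() for b in BRANDS)
    return {"display_name": name, "address": addr, "claims_google": claims_google,
            # The display name says Google but the mailbox does not belong to Google.
            "brand_in_display_name_only": claims_google and not is_google_host(domain)}


def auth_verdict(msg):
    # Trust Authentication-Results only when your own receiving server wrote it
    # (Gmail shows it under "Show original"); an upstream sender can forge one.
    header = str(msg.get("Authentication-Results", ""))
    results = dict(AUTH_RE.findall(header))
    m = DMARC_FROM_RE.search(header)
    dmarc_from = m.group(1).lower() if m else ""
    # A DMARC pass for outlook.com proves the mail came from outlook.com, not from Google.
    return {"results": results, "dmarc_from": dmarc_from,
            "authenticated_as_google": results.get("dmarc") == "pass" and is_google_host(dmarc_from)}


def link_verdicts(body):
    out = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        verdict = "google" if is_google_host(host) else "lookalike" if looks_like_google(host) else "other"
        out.append((url, host, verdict))
    return out


def triage(raw_email):
    msg = message_from_string(raw_email, policy=policy.default)
    sender, auth = sender_verdict(msg), auth_verdict(msg)
    part = msg.get_body(preferencelist=("html", "plain"))
    links = link_verdicts(part.get_content() if part is not None else "")
    phishing = (sender["brand_in_display_name_only"]
                or (sender["claims_google"] and not auth["authenticated_as_google"])
                or any(v == "lookalike" for _, _, v in links))
    return {"sender": sender, "auth": auth, "links": links,
            "verdict": "phishing" if phishing else "no indicator"}


# Constructed sample modelled on the article's description; not a real capture.
SAMPLE_EMAIL = """\
From: "Google Security" <security-alerts.google@outlook.com>
Subject: Unusual sign-in attempt - reset your password now
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=outlook.com; dkim=pass header.d=outlook.com; dmarc=pass header.from=outlook.com
Content-Type: text/html; charset=utf-8

<p>We detected an unusual sign-in. Reset your password within 24h.</p>
<p><a href="https://accounts.google.secure-reset.com/reset?uid=victim">Reset Password Now</a></p>
<p>Official help: https://accounts.google.com/</p>
"""

if __name__ == "__main__":
    report = triage(SAMPLE_EMAIL)
    print("verdict:", report["verdict"], "| sender:", report["sender"]["address"])
    for url, host, verdict in report["links"]:
        print(f"  {verdict:9s} {host.replace('.', '[.]')}")
```

Running the script on the constructed sample reports the display name as the only thing that says "Google", SPF/DKIM/DMARC passing for outlook.com rather than for a Google domain, and the reset link as a lookalike host; the real `accounts.google.com` link in the same message is classified as Google because only the registered domain is compared, never a substring of the hostname.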