New Gmail Security Warning For 2.5 Billion—Second Attack Wave Incoming


Davey Winder
Senior Contributor
Davey Winder is a veteran cybersecurity writer, hacker and analyst.
Dec 20, 2024,08:58am EST
Updated Dec 20, 2024, 08:59am EST
Gmail logo on smartphone with green binary code in background. Google has issued a Gmail warning as a second wave of attacks is incoming. Credit: SOPA Images/LightRocket via Getty Images
Update, Dec. 20, 2024: This story, originally published Dec. 18, now includes details of newly published warnings regarding phishing attacks against Gmail and other email platforms, following reports by SlashNext and Zimperium zLabs researchers.

As it issues a warning that a second wave of cyber threats against Gmail users is incoming from very persistent attackers, Google has detailed the specific attack methodologies involved and the actions it recommends all 2.5 billion Gmail users take to stay safe and secure. Here’s what you need to know.

Google Has Confirmed Email Scams Are Surging—Here’s What Gmail Users Need To Know
Although the number of phishing attacks so far this holiday season is down by 35% compared to last year, Andy Wen, Gmail’s senior director of product management, said the “attackers are very persistent and typically gear up for a second wave of attacks at this point in the season.” Indeed, since mid-November, Google has said it has observed a “massive surge in email traffic compared to previous months,” which makes protecting your Gmail inbox a “greater challenge than normal.” With in excess of 2.5 billion users, according to Google itself, Gmail is naturally a prime target for attackers, and keeping those inboxes secure is something Google takes seriously. “We invest heavily to meet this responsibility, blocking more than 99.9% of spam, phishing and malware in Gmail,” Wen said.

In a newly published blog posting, Wen said that Gmail users have reported a third fewer scams, including both phishing and malware in this definition, during the first month of the holiday season than in 2023. “Millions more unwanted and potentially dangerous messages were blocked before they even reached inboxes,” Wen said. Here’s how Google protected those Gmail users, along with the threats it has warned you need to be alert to as 2024 draws to a close.

Gmail Has New Spam And Scam Tech To Protect Users From Attack
Google is very keen, and quite rightly, to point out how the new technology it has put in place continues to protect billions of Gmail users from attack. “This year, we developed several ground-breaking AI models that significantly strengthened Gmail cyber-defenses,” Wen said, “including a new large language model that we trained on phishing, malware and spam.” This, Google said, let Gmail block 20% more spam than before by identifying malicious patterns. An even newer AI model, introduced just before Black Friday, according to Wen, “acts like a supervisor for our existing AI defenses by instantly evaluating hundreds of threat signals when a risky message is flagged and deploying the appropriate protection.” And it does so, apparently, in the blink of an eye.

The Second Wave Of Gmail Attacks—What To Watch Out For
Google has warned that a second wave of cyber attacks targeting Gmail users is incoming and, specifically, alerted them to three that are “in heavy use” currently:

Gmail Extortion Scams
This “vicious and scary” scam, the so-called “We know where you live” attack, involves sending an email that includes details of the victim’s home address. There are multiple versions doing the rounds, often including photographs of the victim’s home. “They generally either include threats of physical harm or threats of releasing damaging personal material they say they acquired through a hack,” Wen said.

Mocked-up “We know where you live” extortion email. Image: Google
Gmail Invoice Scams
As the name rather gives away, these attacks involve sending fake invoices with the intent of tricking the recipient into contacting the sender to dispute the charges, a dispute the scammer will then offer to settle for a fee. This negotiation is usually done over the phone, with the Gmail message supplying the number to call. “These scams aren’t new,” Wen said, “but are persistent and incredibly prevalent this holiday season.”

Example of a “final invoice” Gmail scam message. Image: Google
Gmail Celebrity Scams
You can probably file these scams in the brand-impersonation category, but the brand being impersonated is a human being. “Over the past month, many of the most common scams popping up reference famous people,” Wen warned, “either pretending to come from the celebrity themself or claiming a given celebrity is endorsing a random product.”

Example of a Gmail celebrity scam message. Image: Google
Gmail Users Must Take Note Of All Email Phishing Attacks—Here’s Why
It’s important not to get too focused on Gmail threats alone, when the truth of the matter is that all phishing threats are of concern to users of every email platform. That means being aware of more than just the primary “second wave” Gmail threats Google has issued this warning about. Newly published research shows why: according to SlashNext, phishing attacks targeting your passwords rose by more than 700% in the second half of 2024.

SlashNext analysts said that the sharp upturn in credential theft attacks highlights another upturn: the use of “sophisticated phishing kits and social engineering tactics.” Email attacks specifically are also on an upward incline, rising by more than 200% in the same timeframe. Individual users, the report warned, received “at least one advanced phishing link per week capable of bypassing traditional network security controls.” Worryingly, of all the embedded links SlashNext observed, some 80% were zero-day links, previously unknown to researchers and vendors. “The reported 202% rise in email-based threats coincides with the integration of hybrid attack vectors,” Callie Guenther, senior manager of cyber threat research at detection and response provider Critical Start, said, “where malicious links, QR codes, and attachments are combined to bypass conventional defenses.” Guenther also warned that social engineering and AI-driven phishing campaigns are fueling a shift toward tailored attacks that leverage compromised credentials harvested at scale. “Cybercriminals use legitimate but compromised email accounts to execute internal phishing, invoice fraud, or real-time interception of one-time passwords,” Guenther said. “This trend suggests attackers are focused on monetizing phishing efforts through multiple vectors, including ransomware and cryptojacking payloads embedded in phishing campaigns.”

Meanwhile, Nicole Carignan, vice president of strategic cyber AI at Darktrace, said: “Despite increased focus on email security, organizations and their employees continue to be plagued by successful phishing attempts. Many tools used by organizations today depend on historical attack data to identify and stop known email threats from reentering inboxes. However, this approach often fails to recognize new or unknown threats.”

Researchers Uncover Another Sophisticated Attack That Gmail Users Should Be Aware Of
Yet another phishing attack, leveraging a number of different techniques and tactics, exploit methods and platforms, has been revealed in a newly published report from security researchers at Zimperium zLabs. Santiago Rodriguez, Zimperium’s phishing and data analytics team leader, has reported how the researchers analyzed a targeted campaign that sought to leverage a DocuSign impersonation scheme in an attempt to harvest corporate credentials from company executives.

The newly revealed attack chain, Rodriguez said, was particularly interesting because it incorporated a number of advanced evasion techniques along with “mobile-specific targeted phishing links inside PDF files and sophisticated infrastructure designed to circumvent traditional security controls while maintaining a convincing corporate appearance.” I’d agree with that, although when the report said this illustrated the evolving nature of “targeted corporate mishing,” I started to resemble a bobblehead in an earthquake. It appears that mishing is a term Zimperium has coined for the broad spectrum of mobile-targeted phishing attacks. So, phishing, then; why not say so? Read this fascinating exploration of why language matters so much in these things. OK, moving on, let’s examine some of the key findings from the analysis.

Attack sophistication: Multi-stage attack chains involve well-crafted emails, legitimate-looking domains, CAPTCHA verifications, and device-specific targeting.
Mobile targeting: Phishing links behave differently on mobile vs. desktop, presenting malicious pages only to mobile users.
Infrastructure abuse: Threat actors exploit trusted platforms like Cloudflare and compromised domains to enhance attack credibility.
Evasive techniques: The use of PDF-based phishing bypasses traditional URL scanning and exploits user trust in business documents.
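To see why a link carried inside a PDF attachment slips past a scanner that only inspects the message body, here is an added example that is not Zimperium’s code or tooling and not from the report: it pulls link targets out of a PDF’s /URI actions, including targets written as PDF hex strings or with escaped characters, and flags any host outside an expected set. The sample PDF, its domains and the allowed-host list are constructed for illustration, and the script deliberately handles only uncompressed objects.

```python
"""Extract and triage link targets from a PDF's /URI actions.

Added example, not from the Zimperium report. The PDF below is constructed
inline for illustration; every domain in it is invented.
"""
import re
from urllib.parse import urlparse

# /URI followed by a literal string  (...)  with backslash escapes allowed inside.
URI_LITERAL_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# /URI followed by a hex string  <...>, a legal PDF encoding that defeats naive greps.
URI_HEX_RE = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")

_SIMPLE_ESCAPES = {ord("n"): 10, ord("r"): 13, ord("t"): 9, ord("b"): 8, ord("f"): 12}


def unescape_pdf_literal(raw):
    """Resolve PDF literal-string escapes: \\( \\) \\\\ \\n ... and \\ddd octal."""
    out, i = bytearray(), 0
    while i < len(raw):
        c = raw[i]
        if c != 0x5C or i + 1 == len(raw):      # not a backslash, or trailing one
            out.append(c)
            i += 1
            continue
        nxt = raw[i + 1]
        if 0x30 <= nxt <= 0x37:                 # up to three octal digits
            j = i + 1
            while j < len(raw) and j < i + 4 and 0x30 <= raw[j] <= 0x37:
                j += 1
            out.append(int(raw[i + 1:j], 8) & 0xFF)
            i = j
        else:
            out.append(_SIMPLE_ESCAPES.get(nxt, nxt))  # \( -> (, \\ -> \, \n -> LF
            i += 2
    return bytes(out)


def extract_pdf_uris(pdf_bytes):
    """Return every /URI target in document order, decoded from either string form."""
    found = []
    for m in URI_LITERAL_RE.finditer(pdf_bytes):
        found.append((m.start(), unescape_pdf_literal(m.group(1)).decode("latin-1")))
    for m in URI_HEX_RE.finditer(pdf_bytes):
        hexdigits = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
        if len(hexdigits) % 2:                   # PDF pads an odd final digit with 0
            hexdigits += "0"
        found.append((m.start(), bytes.fromhex(hexdigits).decode("latin-1")))
    return [uri for _, uri in sorted(found)]


def flag_unexpected(uris, allowed_hosts):
    """Links whose host is neither an allowed host nor a subdomain of one."""
    flagged = []
    for uri in uris:
        host = (urlparse(uri).hostname or "").lower()
        if not any(host == a or host.endswith("." + a) for a in allowed_hosts):
            flagged.append(uri)
    return flagged


# Constructed sample: three link annotations, one of them hex-encoded (built
# here with .hex() so the obfuscation is visible) and one using escapes.
HEX_URI = b"https://login.example-verify.net/m/sign".hex().encode("ascii")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]"
    b" /Annots [4 0 R 5 0 R 6 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720]"
    b" /A << /S /URI /URI (https://docs.example.com/review) >> >> endobj\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [72 650 300 670]"
    b" /A << /S /URI /URI <" + HEX_URI + b"> >> >> endobj\n"
    b"6 0 obj << /Type /Annot /Subtype /Link /Rect [72 600 300 620]"
    b" /A << /S /URI /URI (https://example.com/\\(doc\\)\\057open) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    links = extract_pdf_uris(SAMPLE_PDF)
    print("links in PDF:", links)
    print("outside allowed hosts:", flag_unexpected(links, {"example.com"}))
```

Real phishing PDFs usually keep the annotation inside a FlateDecode-compressed object stream, so a production scanner has to inflate streams (or use a full PDF parser) before matching anything; and because the cloaking the report describes happens after the click, the extracted URL still needs to be fetched with a mobile User-Agent to see what a phone would actually have received.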
“The growth in mobile-targeted phishing attacks highlights the need for advanced, AI-driven security solutions that can detect and block sophisticated threats in real-time,” Stephen Kowski, field chief technology officer at SlashNext Email Security+, said. “By adopting a proactive approach to mobile security, organizations can pointedly reduce their vulnerability to these evolving phishing tactics and better safeguard their sensitive data.”

Meanwhile, Patrick Tiquet, the vice president of security and architecture at Keeper Security, warned that as mobile devices have become so essential to business operations, securing them is crucial, especially to protect against the large variety of phishing attacks, including these sophisticated mobile-targeted attempts. “Organizations should implement robust Mobile Device Management policies, ensuring that both corporate-issued and bring your own device items comply with security standards,” Tiquet said. “Regular updates to both devices and security software will ensure that vulnerabilities are promptly patched – safeguarding against known threats that target mobile users.” James Scobey, chief information security officer at Keeper Security, added that cybercriminals are relying not only on stolen credentials but also on social manipulation to breach identity protections. “Deepfake videos are a particular concern in this area, as AI models make these attack methods faster, cheaper and more convincing,” Scobey said. “As attackers grow more sophisticated, the need for stronger, more dynamic identity verification methods – such as multi-factor authentication and biometrics – will be critical to defend against these increasingly nuanced threats.”

Organizations should look to “shift left” and equip senior management and employees with the skills and tools to recognize and safely report mobile phishing attacks, Mika Aalto, co-founder and CEO at Hoxhunt, said. “Ultimately, it comes down to people. Attackers will launch a complex attack with what might just be a simple phishing message,” Aalto warned. “It's up to people to be able to listen to that little voice in their head that is telling them that something is wrong, and report suspicious messages as a matter of habit.”

Mitigating The Second Wave Of Gmail Attacks—Consumer Advice From Google
Take Your Time
Most scams create a sense of urgency to provoke a knee-jerk response, getting you to do something you would not do given more time to think about it. So slow down, count to 10 or 20, and ask yourself whether this is too good to be true and whether your response is a sensible one.

Do Your Research
And talking of asking yourself whether something is too good to be true, or whether a link is really sending you to a genuine destination, Google recommends doing your research. “Double-check the details of an email,” Wen said, “can you validate the email address of the sender?”
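Wen’s question, “can you validate the email address of the sender?”, has a concrete answer in the headers Gmail exposes under Show original: the Authentication-Results line added by your own mail provider records the SPF, DKIM and DMARC verdicts for the message. The script below is an added example, not Google’s code and not from the article. It parses those headers from two constructed sample messages (every address, domain and verdict in them is invented, and the trusted server id mx.example.net is an assumption) and flags exactly the mismatches the invoice and extortion scams above depend on: a failing DMARC check, a DKIM signature made for some unrelated domain, a Reply-To that quietly moves the conversation elsewhere, and a forged Authentication-Results header inserted before the message reached the trusted server.

```python
"""Sender validation from message headers.

Added example, not Google's code and not from the article. The messages below
are constructed for illustration; every address, domain and verdict is invented.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Verdict per mechanism inside Authentication-Results, e.g. "spf=pass", "dmarc=fail".
VERDICT_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|softfail|none|neutral|temperror|permerror)\b", re.I)
# Domain a DKIM signature was verified for, e.g. "header.d=example.com".
DKIM_D_RE = re.compile(r"\bheader\.d=([A-Za-z0-9.-]+)", re.I)

# Id of our own receiving server (assumption); only verdicts it added are trusted.
TRUSTED_AUTHSERV = "mx.example.net"


def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def aligned(a, b):
    """DMARC-style relaxed alignment: same domain, or one a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def check_sender(raw_message, trusted_authserv=TRUSTED_AUTHSERV):
    """Return the verdicts plus a list of findings; an empty list means nothing looked off."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))

    verdicts, dkim_domains = {}, set()
    for hdr in msg.get_all("Authentication-Results", []):
        # RFC 8601: the header opens with the authserv-id of the server that added it.
        authserv_id = hdr.split(";", 1)[0].split()
        if not authserv_id or authserv_id[0].lower() != trusted_authserv:
            continue  # forged or third-party header: ignore its verdicts entirely
        for mech, verdict in VERDICT_RE.findall(hdr):
            verdicts[mech.lower()] = verdict.lower()
        dkim_domains.update(d.lower() for d in DKIM_D_RE.findall(hdr))

    findings = []
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech} did not pass ({verdicts.get(mech, 'absent')})")
    if verdicts.get("dkim") == "pass" and not any(aligned(d, from_domain) for d in dkim_domains):
        findings.append(f"DKIM signed by {sorted(dkim_domains)}, not aligned with From domain {from_domain}")
    if reply_domain and not aligned(reply_domain, from_domain):
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    return {"from_domain": from_domain, "verdicts": verdicts,
            "findings": findings, "trustworthy": not findings}


# Constructed sample 1: a genuine notification, all checks pass and align.
LEGIT_MESSAGE = """\
Return-Path: <no-reply@accounts.example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=accounts.example.com; dkim=pass header.i=@example.com header.d=example.com; dmarc=pass header.from=example.com
From: Example Accounts <no-reply@accounts.example.com>
To: alice@example.net
Subject: New sign-in to your account

A sign-in was recorded from a new device.
"""

# Constructed sample 2: an invoice scam. The first Authentication-Results header
# was forged by the sender; the one from mx.example.net is the real verdict.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mail-relay-7.example.org>
Authentication-Results: mail.example.com; spf=pass; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail-relay-7.example.org; dkim=pass header.d=mail-relay-7.example.org; dmarc=fail header.from=example.com
From: Example Billing <billing@example.com>
Reply-To: dispute-desk@example-billing-support.net
To: alice@example.net
Subject: Final invoice - call to dispute

Your card will be charged 499.00 unless you call the number below.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_MESSAGE), ("spoofed", SPOOFED_MESSAGE)):
        result = check_sender(raw)
        print(name, result["verdicts"], "findings:", result["findings"] or "none")
```

The authserv-id check is the part people skip: any header can be forged by the sender, so a verdict only means something when it was written by the server that actually delivered the message to you. Run the same spoofed sample with the forged server id as the trusted one and the DMARC verdict flips to pass, which is exactly the trick a scammer is hoping you fall for.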

Do Not Send
“No reputable person or agency will ever demand payment or your personal information on the spot,” Wen said. So, do not send anything. Just stop. Good advice.

Report It
Although you may wonder what the point of reporting these phishing attacks is, marking a message as spam not only helps clean up your own Gmail inbox but, Wen concluded, helps billions of other Gmail users too by adding to the threat intelligence that Google’s AI defenses learn from.
