Table of contents
- When Gmail becomes a danger: the illusion of legitimacy
- The fake Google tech stealing your identity
- Google: “We will never call to ask for recovery codes”ù
- What to do if you’ve been scammed
- Protect yourself: enable 2-step verification now
When Gmail becomes a danger: the illusion of legitimacy
Gmail, the world’s most used email service, is at the center of a new wave of cyber scams.
These are sophisticated phishing attacks that mimic official Google communications in every way, leading victims to unknowingly hand over their login details.
The fraudulent emails appear to come from authentic addresses and are written impeccably. They contain no errors or suspicious signals.
Added to this are phone calls from fake Google operators, capable of convincing even the most experienced users to provide recovery codes, believing they are protecting their account.
The fake Google tech stealing your identity
A very common scheme is that of the so-called “technician scammer”. The mechanism is simple but effective:
- You receive a call from someone claiming to be from Google Support
- The operator reports suspicious activity on the account and suggests taking immediate action
- They ask for your 2FA recovery code to “secure” your account
- In reality, the attacker uses the code to take full control
What makes this scam so effective is the emotional manipulation. “We’re trying to help you,” is the phrase many users reported hearing before being robbed of access to their profiles.
Google: “We will never call to ask for recovery codes”
Through its official channels, Google has confirmed the presence of this scam, declaring that it is not a large-scale attack, but a real and growing threat. The advice is only one: never provide codes or personal data over the phone, even if the number seems official.
Ross Richendrfer, Gmail spokesperson, strongly recommends users enable anti-phishing measures like security keys or passkeys, which are much harder for scammers to bypass.
What to do if you’ve been scammed
If you’ve fallen for the trick, you have 7 days to recover your Gmail account.
During this period, you can still use your original recovery email or phone number, even if the attacker has changed them.
Steps to recover:
- On Android: Settings → Google → Your Name → Manage your Google Account → Security → How you sign in
- On iOS: Gmail → Profile Picture → Manage your Google Account → Security → How you sign in
- On Chrome: Profile Picture → Manage your Google Account → Security → How you sign in
Google urges users not to attempt DIY solutions, but to follow the official procedures.
Protect yourself: enable 2-step verification now
The most effective defense is enabling 2-step verification.
For even better protection, use physical security keys. Google has also rolled out Gemini Nano protection in Chrome 137, detecting suspicious behavior directly on your device.
Questions and answers
- What is a Gmail phishing scam?
A fake email or phone call impersonating Google to steal your credentials. - Does Google ever call users?
No, Google will never contact you to ask for recovery codes or personal data. - What if I gave away my 2FA code?
Immediately start the official recovery process from Google. - How can I enable 2-step verification?
Go to “Manage your Google Account” → “Security” → “How you sign in”. - What are security keys?
Physical devices that prevent unauthorized logins. - Can I recover my Gmail after it’s hacked?
Yes, but you must act within 7 days using your original recovery data. - How can I spot a phishing email?
Check the sender’s address, avoid suspicious links, and don’t share personal info. - What is Gemini Nano?
An AI-based security layer in Chrome that blocks suspicious activities. - What should I do if I get a suspicious call?
Hang up immediately and report the number. - Is this scam illegal?
Yes. It is a criminal offense and should be reported to authorities.
