Upcoming Gmail Security Alert for Over 2.5 Billion Users: Second Assault Wave Approaching

Update, Dec. 19, 2024: This story, originally published on Dec. 18, now includes details of newly released warnings regarding phishing attacks targeting Gmail and various other email platforms.

As warnings emerge that a renewed wave of cyber assaults directed at Gmail users is imminent due to persistent attackers, Google has disclosed the specific techniques being used and recommended security measures for all of the 2.5 billion Gmail users worldwide. Here's what you need to know.

Google Acknowledges Email Scams Increasing—What Gmail Users Need To Understand

While phishing attacks are down 35% this holiday season compared to last year, according to Andy Wen, Gmail's senior director of product management, attackers remain incredibly persistent and tend to launch a second wave of attacks around this time of the year. Since mid-November, Google has reported a significant surge in email traffic, which makes protecting Gmail inboxes considerably harder.

Gmail's enormous user base of more than 2.5 billion, as reported by the company itself, makes it an unsurprising target for attackers. Google takes this issue seriously and spends substantial resources to block over 99.9% of spam, phishing, and malware in Gmail, Wen said.

Google Publishes New Blog Post Detailing Spam And Scam Protection Measures

In a recently published blog post, Wen explained that Gmail users reported fewer than a third as many scams in the first month of this holiday season in 2024 compared to 2023. This resulted in the blocking of millions more unwanted and potentially harmful messages before they even reached user inboxes, according to Wen. Here are the protections and threats Google has highlighted as 2024 draws to a close.

New AI Models Protect Gmail Users From Cyber Attacks

Google is proud to highlight its new technology for safeguarding billions of Gmail users from threats. “This year, we developed several groundbreaking AI models that significantly strengthened Gmail's cyber defenses,” Wen said, while explaining that a new large language model trained on phishing, malware, and spam enabled 20% more spam to be blocked through the identification of malicious patterns.

Another AI model introduced just before Black Friday, according to Wen, instantly evaluates hundreds of threat signals when a risky message is flagged and deploys the appropriate protection, all within the blink of an eye.

Second Wave Of Gmail Attacks—What To Look Out For

Google has warned that a second wave of cyber attacks against Gmail users is coming and has highlighted three techniques that are frequently used at the moment:

Gmail Extortion Scams

One of these vicious and intimidating scams is the “We know where you live” attack, an email containing information about the victim's home address. These emails often include threats of physical harm or of releasing damaging personal information obtained through a hack.

Gmail Invoice Scams

Another common attack sends fake invoices to trick the recipient into disputing the charges, a dispute the recipient is then told can be handled for a fee. These negotiations are often conducted over the phone using a number provided in the Gmail message.

Gmail Celebrity Scams

These scams fall under the brand impersonation category, with the impersonated brand being a well-known individual. Over the past month, many of the most common scams have referenced famous people, either purporting to come from them directly or claiming that they endorse a random product.

All Email Users Must Stay Vigilant Against Phishing Attacks—The Reasons Why

While it's understandable to focus on Gmail threats alone, it's crucial to remember that phishing is a concern for users of every email platform. Newly published research suggests that phishing attacks targeting user passwords increased by more than 700% in the second half of 2024, according to SlashNext.

SlashNext experts reported a significant surge in credential theft attacks, accompanied by growing use of advanced phishing kits and social engineering techniques. Specifically, email attacks have surged by more than 200%, according to their analysis. As a result, individual users now encounter at least one sophisticated phishing link every week that can bypass traditional network security measures. Strikingly, a majority of these links, around 80%, are zero-day links, meaning they had not previously been detected by researchers and vendors.

Callie Guenther, senior manager of cyber threat research at Critical Start, stated that the surge in email-based threats is linked to the integration of various attack vectors. These hybrid attacks involve the combination of malicious links, QR codes, and attachments to bypass traditional defense mechanisms. Additionally, Guenther highlighted that social engineering and AI-driven phishing campaigns are driving a shift towards targeted attacks that make use of stolen credentials on a large scale. The cybercriminals then exploit these compromised accounts to execute internal phishing, invoice fraud, or real-time collection of one-time passwords.

Nicole Carignan, vice president of strategic cyber AI at Darktrace, expressed concern over the persistence of successful phishing attempts despite the enhanced focus on email security. She pointed out that many current security tools rely on historical attack data to identify and prevent known email threats. However, this method often falls short in identifying new or unknown threats.

Preventing a Second Wave of Phishing Attacks on Gmail

Take Your Time

Scams often create a false sense of urgency to encourage a hasty response. Therefore, it's crucial to pause, take a breath, and consider if the situation is plausible before responding.

Conduct Your Investigation

In addition to pausing and reflecting, Google suggests double-checking the authenticity of email details, such as verifying the sender's email address.

Refrain from Sending Any Information

Reputable organizations or agencies will never demand immediate payment or personal information. Thus, it's essential to resist the urge to send any information in response to suspicious emails.

Report the Phishing Attempt

Although it may seem that reporting phishing attacks serves no purpose, marking them as spam not only keeps your Gmail inbox clean but also contributes to the cumulative threat intelligence that Google's AI defenses use to protect billions of Gmail users.
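
For readers who triage suspicious mail for others, here is what "verifying the sender's email address" and spotting false urgency can look like when applied to a raw message. This is an added example, not Google's code or part of the original story; the sample message, the domains, the expected sender domain and the keyword list are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
From: "Billing Department - Example Pay" <billing@examp1e-pay.test>
Reply-To: support@other-domain.test
To: user@example.com
Subject: URGENT: invoice #0000 - act now
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e-pay.test; dkim=none; dmarc=fail header.from=examp1e-pay.test

Your account was charged $499.99. To dispute this charge call +1 (555) 010-0000 immediately.
"""

URGENCY = re.compile(r"\b(urgent|immediately|act now|within 24 hours|final notice)\b", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def review(raw, expected_domain):
    """Return a list of warning labels for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if domain(from_addr) != expected_domain.lower():
        findings.append("sender-domain-mismatch")   # look-alike or unrelated domain
    if reply_addr and domain(reply_addr) != domain(from_addr):
        findings.append("reply-to-differs")         # replies go somewhere else
    # Only trust an Authentication-Results header added by your own receiving
    # server; a copy supplied by the sender proves nothing.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            findings.append(f"{mech}-not-pass")
    body = msg.get_payload()
    if URGENCY.search(f"{msg.get('Subject', '')}\n{body}"):
        findings.append("urgency-language")         # the "Take Your Time" signal
    if PHONE.search(body):
        findings.append("callback-number-in-body")  # invoice-scam phone lure
    return findings
```

Calling review(SAMPLE, "example-pay.test") flags the look-alike domain, the diverging Reply-To, all three failed authentication checks, the urgent wording and the callback number.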

  1. In response to the imminent wave of cyber attacks targeting Gmail users, Google has issued a security warning, advising users to be vigilant against phishing attacks.
  2. The recently released warnings include details of Gmail phishing scams, warning users about the 'We know where you live' attack, fake invoices, and celebrity impersonations.
  3. Google has introduced new AI models to combat these attacks, such as a large language model that blocks 20% more spam based on malicious patterns, and an instant threat evaluation system that deploys protection upon flagging risky messages.
  4. The second wave of Gmail attacks is a concern for all email users, as SlashNext's research shows a 700% increase in password phishing attacks in the second half of 2024, a surge in email attacks of over 200%, and the prevalence of zero-day links bypassing traditional network security measures.
  5. To prevent these attacks, Google advises users to take their time before responding, conduct investigations to verify email details, refrain from sending any information in response to suspicious emails, and report phishing attempts to contribute to the AI defense system's threat intelligence.
