Google Security Scam - Protect Yourself

Red Flags

• The Unsolicited Call: Scammers use AI to mimic a professional Google representative, claiming your account has been breached. Google will never call you out of the blue to discuss security alerts or ask for your password.
• Spoofed Email Addresses: Fraudulent emails often appear to come from legitimate addresses like no-reply@google.com or no-reply@accounts.google.com. They use urgent language (e.g., "Account locked") to panic you into clicking a link.
• Verification Code Requests: A common tactic is for a scammer to try to log into your account, which triggers a real Google security code. They then call you and ask you to read that code back to them to "verify your identity".
• Fake Security Apps: Some scams prompt you to install a "security tool" or "Progressive Web App" (PWA) that looks like an official Google app but actually spies on your device and steals passwords.
• Business Profile Scams: Scammers call small businesses claiming to be "with Google," demanding payment to keep a Google Business Profile active or boost its ranking.

Protect Yourself

1. Don't Click Links: If you receive a security alert, do not click links in the message. Instead, go directly to your Google Account Security Checkup to verify activity.
2. Never Share Codes: Google will never ask for your passwords, two-factor authentication codes, or other sensitive info over the phone.
3. Check the URL: Hover over links to see the true destination. Scammers often use sites.google.com to host phishing pages because the domain looks trustworthy.
4. Report the Scam: Use Gmail's "Report phishing" button (found under the "More" icon in the top right of an email) to help Google block these attackers.
5. Enable Advanced Security: Turning on Two-Step Verification (2FA) adds a vital layer of protection. For high-risk accounts, consider the Google Advanced Protection Program which requires a physical security key.