Update, March 17, 2025: This story, originally published March 16, has been updated with details of new attack methodologies that Trend Micro recommends users be aware of as Gmail account lockdown hacks continue.
As the FBI takes the unusual step of warning users of webmail platforms, including Gmail, to enable two-factor authentication in the light of a dangerous new ransomware threat campaign, Google email users still have more mundane hacking threats on their minds. Take a quick dive into any of the online forums offering support to Gmail users, be that the official ones from Google or the very active Gmail subreddit, and one topic currently dominates the conversation: my account has been hacked and I’m locked out.
I can’t say I’m surprised that this is the case. Gmail is by far the most popular free email platform on the planet, not just with email users but also for assorted threat actors, scammers and hackers. If a Gmail account hacker has taken full control, including changing your telephone number, email address, password and second authentication factor method, then all may seem lost. Irrevocably lost. Hold on, though. Google has some good news for you, as it is possible to recover your account as long as you act within seven days. Here’s what you need to do.
How To Recover A Hacked Gmail Account
The most important thing to do when it comes to recovering a hacked and compromised Gmail account, according to Google spokesperson Ross Richendrfer, is to act quickly. Obviously, acting quickly enough to prevent the attacker from locking you out in the first place would be best, so employing a phishing-resistant authentication methodology like a passkey would be ideal. But if you’re already locked out, it’s too late for that. Keep that in mind for the future, though.
Google recommends that all Gmail users have a recovery telephone number and recovery email address attached to their Google account. “These can be used in cases where users forget their own passwords,” Richendrfer said, or just as critically, “if an attacker changes the credentials after hijacking the account.” This is where the time limitation comes in, though. Gmail users have a seven-day grace period following any recovery phone number change during which they, as the original account holder, can regain control of the account, Richendrfer advised.
This number should, of course, ideally be for a smartphone that belongs only to the Gmail account holder, is used regularly by that person and kept on their person. “When you change your recovery email,” Richendrfer said, “you may be able to choose to get sign-in codes sent to your previous recovery email for one week.” Google has provided more help with Gmail account recovery online.
Stop Gmail Account Lockdowns Before They Begin—Target The Source Attacks
The problem with Gmail account lockdown hacks is that they always start somewhere else. Tackling the issue at the source of the attack is the way to mitigate the potential impact and to avoid having to resort to the seven-day lifeline that Google has provided. While many of the attack routes will be familiar territory to most readers, a new report from Trend Micro has prompted numerous security experts to recommend that people be alert to new approaches attackers are using to get hold of their account login information.
Perhaps unsurprisingly, the main thrust of the Trend Micro research is how AI is being used to craft the lies that get victims to click on links or divulge login credentials. Attackers can use AI technology to create believable lies and, increasingly, are using AI itself as the bait for these phishing attacks. “Crafting lies about ChatGPT or VR can be effective due to the interest they generate,” Trend Micro said. Then there is what the researchers referred to as an AI-based dynamic lie system. “Such a system would automatically contact and interact with the user to earn their trust,” they said, and do so before the attack itself is launched in earnest. By automating a first wave of simplistic scam emails, an attacker can quickly gauge whether potential victims are likely to respond when a more sophisticated attack is executed. “Between the first two to three emails,” Trend Micro explained, “once a user is identified to be prone to being scammed, control would be passed to the human scammer.” The human then continues to complete the scam, having gained enough trust.
The takeaway for Gmail users, along with everyone else, is to never trust and always verify.