Google has issued a warning to all Gmail users, indicating that alerts they receive on their phones about suspicious account activity might be fraudulent and intended to compromise their devices.
Back in February, a Reddit user shared their experience of receiving a message from ‘Gmail from Google,’ which claimed that their email account had been compromised and required recovery.
The user mentioned, “Earlier, I received several emails notifying me of ‘sign on attempts’ from various IP addresses located in Venezuela, Bangladesh, and other locations.”
Unfortunately, this alert turned out to be a scam, tricking the recipient into clicking a link that led them to a fake Google webpage. This deceptive site then captured their password and phone number.
Although Google does send genuine notifications about preventing suspicious sign-ins when accounts are targeted by hackers, the tech giant acknowledges that cybercriminals have been mimicking these alerts to frighten users into giving up access to their accounts.
Google warned: ‘Always be wary of messages that ask for personal information like usernames, passwords, or other identification information, or send you to unfamiliar websites asking for this information.’
The Reddit user revealed they had reused their Gmail password across multiple websites, potentially giving scammers access to most of their online activity.
The victim said they only realized they had been scammed by a fake phone alert after checking the official Google account records of activity and finding there was never any suspicious sign-in detected.
Google has warned that hackers are sending fake warnings claiming that Gmail users' accounts had suffered unauthorized access.
Once a victim opens this malicious link on their phone, the phishing scam can compromise the mobile device itself, especially on Android phones, as malware disguised as a ‘Google security check’ may be downloaded onto the device.
This can lead to the device being fully hijacked, allowing hackers to spy on the phone’s activity, steal data stored or entered on the device, and potentially gain remote access to the phone.
In its Account Help center, Google recommended Gmail users take six immediate steps if they ever receive a ‘suspicious sign-in prevented’ alert on their phones.
Without clicking on any link that may have been sent along with the Gmail warning, the tech giant urges users to first go to their Google Account.
Once on the page, users will see their email displayed at the center of the screen, and to the left, there will be a navigation panel where they need to click Security.
The third step is to review your most recent security alerts by clicking on the ‘Recent security events’ panel.
There, any suspicious logins over the last month will be posted with the time and location of the sign-in. Google users should suspect something is wrong if they see a sign-in from a state or country they have never visited, or at times when they knew they were not online.
If they see activity that Google would call ‘unfamiliar,’ Gmail users can then click the option to ‘secure your account’ at the top of the page.
Google recommends that anyone receiving the emails avoid clicking links sent and go straight to their Google Account page.
Google has reported that the number of ‘suspicious sign-in prevented’ emails sent has sharply increased since last year.
From there, Google will guide users on how to change their password. However, cybersecurity experts urge all of Google’s 1.8 billion Gmail users to also enable two-factor authentication.
This adds another layer of security by sending a secret code to a person’s phone, email or to the Authenticator app when they log into certain sites.
Google confirmed in August 2025 that hackers were stepping up their attacks on Gmail in an effort to gain more passwords and potentially access millions of accounts around the world.
This included more fraudulent ‘suspicious sign-in prevented’ emails being sent to fearful Gmail users who panic and click the link, hoping to secure their digital lifelines.
‘I panicked. Normally, I would recognize this as phishing, but it had never happened on the phone before, and I clicked on the link, “signing on,” which gave the scammer my Gmail password,’ the Reddit user explained.
Cyber experts have previously warned the Daily Mail that email users also need to use strong, complex passwords to secure their accounts from hackers who may try to guess them. It is also considered good ‘digital hygiene’ to not continually reuse the same passwords all over the internet.
‘Why, in 2026, would you use the same password on multiple sites?’ one person asked the Reddit user.
‘2FA [two-factor authentication] can be annoying or cumbersome at times, but with it on, you should be fine from now on. Faith in the Authenticator app!’ another person added.