Gmail users are under attack, with a sophisticated phishing campaign using an OAuth application and a DomainKeys Identified Mail (DKIM) workaround to bypass security protections. However, Google has confirmed it is deploying updated protections to counter the threat methodology.
If you find yourself locked out of your Gmail account following a successful attack in which the hacker has changed your password or recovery methods, you have seven days to undo the damage and regain access. Acting quickly and using “phishing-resistant authentication technologies” such as security keys or passkeys can prevent you from ending up in this situation.
To be able to recover your account, set up a recovery phone number and email; these can be used to send sign-in codes, block unauthorized access, prove account ownership, and detect suspicious activity. Ensure the recovery phone is associated only with your own device, one that you regularly keep with you.
Google offers human assistance through its premium service, Google One, for those who subscribe to it. Enhanced support includes “dark web monitoring” and extra data storage, alongside a one-minute callback option. If you’re unable to access your account due to hackers, Google’s human support team can provide guidance to help you regain control.
Key steps to recover your Gmail account:
– Set up a recovery phone number
– Use phishing-resistant authentication technologies
– Update your security settings on Android
For more information on recovering a hacked Gmail account, visit the official Google support page.
Source: https://www.forbes.com/sites/daveywinder/2025/04/22/gmail-hack-attack—google-says-you-have-7-days-to-act