Can Google Critical Security Alert be a scam? Learn how to recognize it

The Google Critical Security Alert is a security feature that notifies you every time you log in to your account with a different device or if there’s an attempt to access your account from an unknown device. Typically, you receive an email alert from Google checking whether the login was intended and legitimate. If it was you who logged in from a new device, you can ignore the alert. However, if it wasn’t you or you cannot recognize the device that attempted to connect to your account, you are prompted to check your Gmail account for suspicious activity.

Many users receive these warnings after buying a new device, signing in from another computer, or browsing behind a proxy or a VPN server. Because using a proxy or a VPN server changes your IP address, Google identifies your connection as coming from a new device.

Unfortunately, hackers have found ways to exploit Gmail’s security alert and create phishing emails that replicate those coming from Google. These scam emails usually notify users of a new attempt to sign in, claiming that Google blocked the attempt and asking the user to check their account activity. However, the email link that would normally lead to the user’s Google security page leads to a malicious website instead or downloads malware directly onto the user’s device.

In other cases, the user may receive an email notifying them of unauthorized access and asking them to reset their password immediately. In this scenario, the button to reset the password leads to a spoofed website that looks similar to a legitimate Google login page. However, if the user enters their details here, their credentials are sent directly to the hacker.

You can check if Google’s security alert is legitimate by thoroughly reviewing the email’s content and checking the sender’s details. The most important thing is to take the precautionary steps before you follow the instructions in the email.

Legitimate security alerts from Google typically come from the no-reply@accounts.google.com mailbox. Make sure to always check the sender’s email address and never click any links or download attachments if the address differs from the one provided.

Security emails coming from Google often include personalized details, such as your name or some of your Google account details. They are also written in clear language, without grammatical or spelling mistakes. If you receive an email that seemingly comes from Google but is particularly generic and poorly written, it’s probably a scam. Also, Google will never ask you to provide your sensitive data, such as login or bank account details, over an email.

Even if the security alert looks genuine, hover over the links provided in the email before clicking on them and check if their URLs will lead you to an official Google domain.

Furthermore, rather than clicking on any links, it’s better to access your Google account directly through your web browser. You can safely check your account activity by visiting your Google account security checkup page. Here, you can see what and how many devices are currently signed in, check recent security incidents, and see which third-party apps have access to your account.

If you clicked on links from a Google security alert scam email, downloaded attached files, or entered your personal details on a spoofed website, it may mean that your Gmail account has been hacked. Try the following steps to save your account and personal details.

• Report phishing emails. You can do that by opening the email, clicking three vertical dots next to the reply button, and choosing the “Report phishing” option. You can also report scam attempts through the Google Safety Center.
• Run a Google account security checkup. This step will help you to address any security issues within your account. To run the checkup, you’ll need to sign in to your Google account. Once you’re in, open the “Security” tab, where you’ll find the “Security checkup” section. Here, you’ll be able to review recent security alerts and check the list of devices that have recently accessed your account.
• Review sensitive information tied to your account. By knowing what data may have been compromised, you can make the necessary changes to mitigate the risks. For instance, you can revoke unrecognized devices’ access to your account, change your login credentials so that hackers won’t be able to access your account, and report the possible data breach to necessary institutions, such as your bank.

You can make your Gmail account more resilient to phishing attempts by applying the below measures:

• Create strong passwords. For your online accounts to be adequately protected, you should use passwords that are at least eight characters long and combine upper-and lowercase letters, numbers, and special characters. If remembering a bunch of complex passwords sounds too much for you, you can always use a password manager, such as NordPass.
• Enable two-factor authentication (2FA). 2FA adds another layer of security to your existing password because it prompts you to provide additional information to prove your identity. It may be a one-time code sent to your device or a piece of biometric data, such as a face or fingerprint scan.
• Set up recovery info. You should always make sure that your Gmail account recovery information – your backup email or a phone number – is current. If your account is ever compromised, recovery information will help you regain access to your account and ban cybercriminals from it.

You can generally stop Google Critical Security Alerts from sending emails whenever you connect to your account from a different device. To do that:

1. Sign in to your Google admin console and open its home page. Go to “Settings,” tap “Security rules,” and then click “Suspicious login.”
2. Tap “Actions.”
3. Find the “Send email notification” section and uncheck “All super administrators” and “Send email notifications” boxes.
4. Click “Next: review.”
5. Tap the “Update rule” option.

However, keep in mind that you will still receive security alerts whenever you connect to your account from a new, unrecognized device.