Google has warned that hackers are sending fake warnings claiming that Gmail users' accounts have suffered unauthorized access (stock image)

Google has alerted all Gmail users that a warning sent to their phones about suspicious account activity may be fake and designed to hijack their phones. 

In February, a Reddit user revealed that they had received a message from ‘Gmail from Google’ telling them their email account was compromised and needed to be recovered.

‘Previously, there were several emails informing me that there were “sign on attempts” from a few IP addresses located in Venezuela, Bangladesh, etc,’ the Gmail user posted.

However, the alert was a scam that tricked the victim into clicking a link, which opened a phony Google webpage on their mobile device that stole the person’s password and cell phone number.

While Google does send out legitimate ‘suspicious sign-in prevented’ notifications when hackers target accounts, the tech giant admitted that cybercriminals have been copying the messages to scare customers into handing over access to their accounts.

Google warned: ‘Always be wary of messages that ask for personal information like usernames, passwords, or other identification information, or send you to unfamiliar websites asking for this information.’

The Reddit user revealed they had reused their Gmail password across multiple websites, potentially giving scammers access to most of their online activity.

The victim said they only realized they had been scammed by a fake phone alert after checking the official Google account records of activity and finding there was never any suspicious sign-in detected.

Once a victim opens this malicious link on their phone, the phishing scam can compromise the mobile device itself, especially on Android phones, as malware disguised as a ‘Google security check’ may be downloaded onto the device.

This can lead to the device being fully hijacked, allowing hackers to spy on the phone’s activity, steal data stored or entered on the device, and potentially gain remote access to the phone.

In its Account Help center, Google recommended Gmail users take six immediate steps if they ever receive a ‘suspicious sign-in prevented’ alert on their phones.

Without clicking on any link that may have been sent along with the Gmail warning, the tech giant urges users to first go to their Google Account.

Once on the page, users will see their email displayed at the center of the screen, and to the left, there will be a navigation panel where they need to click Security.

The third step is to review the most recent security alerts by clicking on the ‘Recent security events’ panel.

There, any suspicious logins over the last month will be posted with the time and location of the sign-in. Google users should suspect something is wrong if they see a sign-in from a state or country they have never visited, or at times when they knew they were not online.

If they see activity that Google would call ‘unfamiliar,’ Gmail users can then click the option to ‘secure your account’ at the top of the page.

Google recommends that anyone receiving the emails avoid clicking links sent and go straight to their Google Account page

Google has reported that the number of 'suspicious sign-in prevented' emails sent has sharply increased since last year (stock image)

From there, Google will guide users on how to change their password. However, cybersecurity experts urge all of Google’s 1.8 billion Gmail users to also enable two-factor authentication.

This adds another layer of security by sending a secret code to a person’s phone, email or to the Authenticator app when they log into certain sites.

Google confirmed in August 2025 that hackers were stepping up their attacks on Gmail in an effort to gain more passwords and potentially access millions of accounts around the world.

This included more fraudulent ‘suspicious sign-in prevented’ emails being sent to fearful Gmail users who panic and click the link, hoping to secure their digital lifelines.

‘I panicked. Normally, I would recognize this as phishing, but it had never happened on the phone before, and I clicked on the link, “signing on,” which gave the scammer my Gmail password,’ the Reddit user explained.

Cyber experts have previously warned the Daily Mail that email users also need to use strong, complex passwords to secure their accounts from hackers who may try to guess them. It is also considered good ‘digital hygiene’ to not continually reuse the same passwords all over the internet.

‘Why, in 2026, would you use the same password on multiple sites?’ one person asked the Reddit user. 

‘2FA [two-factor authentication] can be annoying or cumbersome at times, but with it on, you should be fine from now on. Faith in the Authenticator app!’ another person added.
