Update, April 22, 2025: This story, originally published April 21, has been updated with further guidance from Google on how to recover a compromised Gmail account following recent attacks against users.
Gmail is under attack. That phrase should send shivers down your spine if you are one of the more than 3 billion people who use the world’s most popular email platform. The latest in a long line of threat campaigns is particularly dangerous in that it appears to come from Google itself. But with threat actors continually changing up their attack methodologies, becoming increasingly sophisticated thanks to the use of AI, and even employing automatic password hacking machines in their attacks, the danger to your email account and the data it unlocks continues to mount. Google is, of course, fighting back with upgraded security protections, but the danger continues. If you fall victim to the latest Gmail hack attack, or any other that locks you out of your Google account, Google has said that you have seven days to get it back. Here’s what you need to know and do.
You Have Seven Days To Recover Your Account After A Gmail Hack Attack
The latest Gmail hack attack involves a sophisticated phishing campaign that employs an OAuth application and what has been described as a “creative DomainKeys Identified Mail workaround” to fool victims into thinking a security alert email originated from Google itself. In other words, it has managed to bypass the exact protections that Google has put in place to help prevent such attacks in the first place. The good news is that Google has confirmed it is putting out updated protections that counter the threat methodology used in this attack. “These protections will soon be fully deployed,” a spokesperson said, “which will shut down this avenue for abuse.”
A Google spokesperson has also told me that anyone who finds themselves locked out of their Gmail account following a successful attack, where the hacker has changed their account password and recovery methods, still has seven days in which they can undo the damage and regain access to that hacked account.
Gmail Hack Account Recovery
Gmail spokesperson Ross Richendrfer told me that in those situations where an attacker has compromised a Google account and changed the password, or even added a passkey, to prevent the legitimate owner from being able to access it, acting quickly is the key to successful recovery. Obviously, using “phishing-resistant authentication technologies, such as security keys or passkeys,” as Richendrfer advised, is highly recommended to avoid finding yourself in this situation in the first place. But if you do, then all hope is not lost.
“We recommend all users to set up a recovery phone as well as a recovery email on their account,” Richendrfer said, “these can be used in cases where users forget their own passwords, or an attacker changes the credentials after hijacking the account.” As the original account holder, following a Gmail hack, even if the attacker has changed your recovery telephone number, Richendrfer advised that you have 7 days in which that number can still be used to regain control of, and access to, your Gmail account. The same applies to your recovery email. “When you change your recovery email,” Richendrfer said, “you may be able to choose to get sign-in codes sent to your previous recovery email for one week.”
Think of a Gmail recovery phone number as being like using a seatbelt in your car; it drastically improves your safety when you use it. With everything from AI-driven phishing attacks to the use of infostealer malware being deployed in the Gmail account takeover attack chain, extra confirmation by way of that phone number can help keep attackers at bay. Google has told me in the past that occasionally asking for a verification phone number before you can sign into your Google account adds an extra layer of protection for Gmail users.
Your Gmail recovery phone number can be used in a number of ways:
- To send you a code to get into your account if you’re ever locked out
- To block someone from using your account without your permission
- To make it easier for you to prove that an account is yours
- To tell you if there’s suspicious activity on your account
You should, of course, ensure that this number is associated with, and only with, a smartphone that belongs to you and is regularly kept with you. If that phone is shared with others or left lying around, then the protection a recovery number can provide is weakened. To add or change a recovery phone number or email on Android, open your device settings app, hit Google, followed by your name, and the Manage your Google account option. Now head for the security section, where it says “how you sign into Google,” and you can select options for a recovery phone or recovery email. You will likely be asked to sign in before getting any further, but the selection process is very straightforward and takes no time at all.
Getting Human Help Recovering After A Gmail Hack Attack
Although you might not think it, it is actually possible to get help with recovering your Google account after a lockout attack from a real human being rather than just going through the automated online steps. If you subscribe to Google One’s premium service, then you may be able to get that human assistance. This is because Google One Premium brings with it the benefit of “enhanced access to support” alongside extra data, storage and dark web monitoring. Although I have not been able to find a definitive answer from Google as to what, exactly, is covered by this enhanced access to support, I have done a bit of digging around the various options offered to me as a Google One premium subscriber myself. By describing an issue of not being able to access my Gmail account as I had been locked out by attackers, I was presented with a number of support options which narrowed the problem down even further and eventually led me to an option to get a callback from Google. Yes, an actual human being working at Google I could speak to. What’s more, during the research, I was promised this callback within a waiting time of just one minute. An online chat option was also offered for those who prefer not to speak, although the waiting times for such a response were considerably longer.
You can find more details on recovering a Google account following a successful Gmail hack here.