Gmail

By Joe Lombardi From Daily Voice

It starts with an email that looks official, but isn’t.

Google is warning all Gmail and Google Cloud users to change their passwords and boost account security after a surge in phishing and impersonation scams tied to a breach at Salesforce. 

While Google’s own systems were not directly compromised, the third-party breach exposed information that hackers are now using in targeted attacks.

The schemes include emails and phone calls designed to trick users into revealing their credentials. 

Some attackers are posing as IT staff, pressing victims to hand over login codes.

 Others are launching “vishing” — voice phishing — campaigns that rely on personal details obtained from the Salesforce breach.

Cybersecurity experts caution that attackers are escalating their tactics. Hackers may even be preparing to launch a data-leak site to further pressure victims with extortion threats.

To protect accounts, Google is urging users to take immediate action:

  • Update your password: Log in to myaccount.google.com and choose a new, unique password.
  • Enable two-factor authentication: Add a second layer of protection to block unauthorized access.
  • Consider passkeys: Adopt passwordless sign-ins for stronger security.
  • Stay vigilant: Avoid clicking links in suspicious emails or texts, and ignore calls asking for login information.
  • Check account activity: Review the “Security” section at myaccount.google.com for unusual sign-ins.

Phishing and impersonation scams have been on the rise in the last few years, but the Salesforce-linked breach is giving attackers a wider pool of data to exploit. 

Google’s message is clear: updating passwords and enabling stronger protections now could prevent accounts from being compromised later.