In a statement published on Monday, the company made it clear that the panic resulted from misinformation. “Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue,” Google wrote. “This is entirely false.”

The confusion arose after multiple outlets reported that users had been advised to reset their passwords due to a large-scale compromise.

Many Gmail account holders were surprised, having never received any such notification. The figure of 2.5 billion suggested the warning should have reached everyone, yet it did not.

Behind the rumours lies a smaller incident that occurred in June. Hackers linked to groups such as ShinyHunters and Scattered Spider breached a Salesforce database Google uses to manage advertiser contacts.

The attackers gained entry through social engineering, posing as IT staff before deploying malware.

The data they accessed included business names, contact details, and CRM notes, but no Gmail passwords, emails, or private content. Those affected were notified directly by early August.

While the Salesforce breach did not expose Gmail itself, it triggered a surge in phishing and impersonation attacks. Fraudsters have been exploiting the stolen information to send fake support emails and even make phone calls, a tactic known as “vishing.”

According to Google’s Threat Intelligence Group, phishing and vishing now account for 37% of successful account takeovers across its platforms.

The company stressed that its defences are robust, blocking the vast majority of threats. “While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users,” Google explained in its blog post.

Google also used the opportunity to encourage stronger digital habits. It recommends adopting passkeys, biometric-based alternatives to traditional passwords, and staying alert for suspicious emails or calls.

Although last week’s reports led some users to reset their Gmail credentials in fear of a breach, cybersecurity experts point out that regularly updating passwords is still good practice. The bigger lesson is the importance of clarity, panic spread quickly because a blog about phishing trends was mistaken for a global warning about Gmail itself.

Currently, Gmail users are not under the sweeping threat that headlines suggested. The risk is phishing, not a collapsed wall of Google’s email security.

These threats exploit personal information, such as names, birthdays, and shopping habits, to craft convincing fraudulent communications that urge immediate action, like clicking on malicious links or divulging sensitive information.

According to Gartner, phishing remains a top cybersecurity threat, with attackers employing multiple channels – including email, text messages, voice calls, and QR codes – to gather information and compromise systems.

The sophistication of these attacks has increased, making them harder to detect and more damaging when successful.

Cybersecurity is an ongoing battle. The recent attacks on major retailers have shown that no one is immune.

If you receive an unexpected message or call requesting sensitive information, it’s crucial to pause and verify. When in doubt, hang up, don’t click, and don’t respond.

To protect yourself and your organisation, consider the following best practices:

• Be Skeptical of Unsolicited Communications: Treat unexpected calls, emails, or texts with caution, especially if they request personal information or prompt immediate action.

• Verify Before You Act: Instead of clicking on links or calling numbers provided in suspicious messages, independently search for official contact information to confirm the legitimacy of the request.

• Avoid Sharing Sensitive Information: Legitimate organisations typically do not request sensitive data through informal channels. If you’re unsure, refrain from sharing personal details until you’ve verified the request.

• Stay Informed About Emerging Threats: Attackers continuously adapt their methods. Staying updated on the latest phishing tactics can help you recognise and avoid new forms of deception.

Gartner’s research highlights the need for a risk-based approach to threat management, focusing on the most likely and impactful cybersecurity threats.

By prioritising threats like phishing and credential abuse, organisations can allocate resources effectively to mitigate risks.

It’s time to stop dreading cybersecurity and start mastering it. By staying alert and informed, we can prevent attacks and protect our digital lives. Stay alert. Prevent attacks. Stay informed.

Unlike email scams (known as phishing), vishing happens over the phone. Recent studies have highlighted a dramatic escalation in vishing attacks.

The 2025 CrowdStrike Global Threat Report documented a 442% surge in vishing incidents from the first to the second half of 2024.

Additionally, research from Enea indicates that vishing, smishing, and phishing attacks have increased by 1,265% since the launch of ChatGPT.

John Mc Loughlin, cybersecurity expert and CEO of J2 Software, says this type of scam is becoming more common – and more convincing.

“Here’s how it usually works: a scammer calls you, pretending to be from your bank or another trusted company.”

“They’ll say your account has been hacked and then ask you to ‘verify’ your identity by giving them private information like your PIN or password. Because the call feels urgent and sounds real, people often fall for it,” he warns.

Vishing versus Phishing

The Oxford Dictionary defines vishing as a scam where someone pretends to be from a trusted company and tricks one into giving out personal details, like bank or credit card information.

“While both vishing and phishing aim to steal your private info, the big difference is how they do it. Phishing usually comes through fake emails or websites. Vishing uses voice calls or voicemails to create a sense of urgency and pressure you into acting quickly. This voice approach can feel more personal – and more convincing,” he explains.

Scammers are also getting smarter. They now use spoofing technology to make it look like they’re calling from a real company, which makes these calls even harder to spot. That’s why it’s more important than ever for both people and businesses to update their security measures and focus on education and awareness.

How to protect yourself from Vishing

Here are a few simple tips to help stay safe:

• Don’t give out personal info over the phone, especially if the call was unexpected.
• Hang up if something feels off. Trust your gut.
• Double-check who’s calling. Instead of trusting the caller ID, call the company back using their official number.
• Use spam call blockers. Many phones and apps can help block scam calls before they reach you.

Stay Alert, Stay Safe

Fighting cybercrime isn’t just about having the right tech – it’s also about being aware and cautious. Whether you’re at home or work, being informed about scams like vishing helps keep your personal and company data safe.

“The bottom line? Stay alert, ask questions, and don’t let a phone call rush you into sharing sensitive information. That’s how we can all stay one step ahead of the scammers,” he concludes.

More about J2 Software

J2 Software is a cyber security-focused technology business founded in 2006 to address the critical need for effective cybersecurity, governance, risk, and compliance solutions that are practical and purpose-built. With the continued rise of cybercrime, identity theft, and confidential data leakage, J2 Software’s mission is to provide managed cyber security services that are not just a competitive advantage but an absolute business necessity.

Its comprehensive managed cyber security services cater to businesses of all sizes, ensuring greater visibility to identify risky behaviour and enhancing the capability to respond effectively to prevent losses. The team understands that cybersecurity is essential for protecting valuable assets and maintaining business continuity.

J2 Software delivers essential tools that empower organisations to take control of their technology spend. Its hand-picked solutions, combined with expert services, provide complete visibility over our customers’ environments while reducing risk and lowering costs.

With a dedication to improving the cyber resilience of our customers, J2 Software has expanded its reach globally, serving more than 700 customers across 5 continents. Its commitment to innovation, reliability, and customer satisfaction has made the company a trusted partner in the ever-evolving landscape of cybersecurity.