People who use the world’s most widely used email platform are being cautioned about a growing wave of scams that leverage victims’ phone numbers to seize control of accounts and, in some cases, get around additional security protections.
Because there are around 1.7 billion active accounts in circulation, Gmail remains a prime target for criminals attempting phishing, account takeover, and other hijacking tactics designed to steal personal data and access inboxes.
According to Reddit users who recently raised the alarm, this particular scam has spread quickly and can leave victims locked out not only of their email, but potentially their phone number as well—if they interact with the wrong message or website.
The scheme often begins with a text that appears harmless at first glance, presenting itself as ‘Gmail from Google’. The message then pushes the recipient to act quickly by clicking a ‘Recover Account’ link and entering their password.
Recipients say these texts commonly suggest your account is already under attack, using fear to make you respond before you’ve had time to think.
Some messages even point to supposed login attempts from places such as Venezuela or Bangladesh, the Mail reports.
If a user types their password into the linked “recovery” page—which is designed to mimic the real Google sign-in experience—attackers can capture those credentials and may be able to defeat two-factor authentication as well.
With inbox access secured, criminals frequently rely on ‘social engineering’ to expand their control beyond email. One method involves using personal information to persuade a mobile carrier to move the victim’s number onto a SIM controlled by the attacker.
Once that happens, password-reset codes and account recovery messages for other services can be routed to the criminal’s device, not the victim’s—potentially giving them access across multiple accounts.
There are, however, practical steps that can significantly reduce the risk of your Gmail being taken over.
At the simplest level, avoid clicking links from unexpected texts or emails—especially messages that don’t clearly identify you or arrive without any action on your part.
A major red flag is anything that tries to rush you with urgency, pressure, or threats, which is a standard tactic used in scams to prevent careful checking.
Because many phishing attempts now look convincingly authentic, it can also be worth strengthening protections around your mobile number to reduce the risk of a takeover.
To do that, contact your mobile provider and ask for extra security on your account—such as a SIM PIN, added verification steps for account changes, or a transfer lock that makes number porting more difficult.
Cybersecurity experts told the Mail that if you already have strong two-factor authentication set up within Gmail, you typically shouldn’t need to change your phone number, since additional verification can prevent many forms of account access.
Still, if you ‘start noticing interruptions’ to your cell service without a clear reason, it may indicate a SIM swap in progress or already completed—at which point you should contact your provider immediately and consider changing your number.