Overview
- Google has confirmed a renewed surge in phishing campaigns targeting Gmail, with stolen passwords and cookies fueling higher intrusion rates.
- Attackers are hijacking Google’s “suspicious sign in prevented” alerts, sending fake voicemail notifications and directing victims to pixel-perfect login clones on domains belonging to services such as Microsoft Dynamics and SendGrid.
- Infostealer malware operations have escalated browser cookie and authentication token theft, enabling hackers to bypass multi-factor checks and capture one-time codes, Authenticator tokens and recovery credentials.
- Platform-level defenses, including DKIM improvements, device-bound session credentials and the Shared Signals Framework, are being rolled out but have yet to outpace evolving attacker tactics.
- Security experts urge users to avoid clicking links in unsolicited messages, review recent security events in their Google Account and adopt passkeys or non-SMS two-factor authentication.