A tech leader like Google often seems invincible when it comes to cybersecurity attacks, but that is not the case. Earlier this month, the search giant confirmed that attackers had accessed one of its corporate Salesforce instances. According to a Google spokesperson, this system stored basic, and largely publicly available business information, such as contact details and notes from small and medium-sized companies. It did not store customer data from Google Cloud or consumer products like Gmail, Drive, or Calendar.
Google says it terminated the malicious activity, completed an impact analysis, and provided mitigations. Therefore, no further action is required by users.
Vishing calls target Gmail users
Hackers have reportedly accessed Google’s Salesforce database systems, exposing customer and company names. Google confirmed the incident and clarified that the information was mostly public business contact data and did not include passwords or payment information. The company stressed that the breach affected only a corporate Salesforce system, not consumer Gmail or Google Cloud accounts.
Still, attackers are exploiting the news of the breach to fuel phishing and vishing scams, tricking people into giving up sensitive information. According to PC World, some users have already reported an increase in phishing attempts that reference Google services.
One of the main tactics involves scam phone calls, also known as vishing. A Reddit post highlighted a wave of calls coming from the 650 area code, which is linked to Google’s headquarters. In these calls, scammers pose as Google employees and warn victims of a supposed security breach. They then instruct users to reset their Gmail password and share it with them. This locks the rightful owner out of the account and gives the attacker complete control.
Old infrastructure exploited with “dangling buckets”
Separately from the Salesforce incident, Google Cloud customers are also facing another type of attack. Hackers are trying to exploit outdated access addresses using a method called the dangling bucket. This can allow them to inject malware or steal data. Both businesses and individuals are vulnerable to losing control over sensitive information if targeted in this way.
Gmail and Google Cloud serve nearly 2.5 billion people, which makes the scale of the risk significant. Although the initial breach did not expose passwords, attackers are using the news of the incident to trick people into revealing their login details.
6 ways you can stay safe from scammers targeting Google accounts
Google accounts are often a prime target for scammers. The good news is that protecting yourself doesn’t require advanced technical skills. A few practical steps can drastically reduce your chances of becoming a victim.
1) Avoid clicking on phishing links
Phishing remains the most common way scammers steal Google account credentials. A fake email or text may claim your account has been locked or that you need to verify suspicious activity. Clicking the link usually takes you to a counterfeit login page that looks almost identical to the real Google sign-in screen.
To avoid falling for these tricks, check the sender’s email address carefully, hover over links before clicking, and avoid entering your Google password on any page that doesn’t start with accounts.google.com.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager, system tune-up tools, and protects across Windows, Mac, Android, and iOS devices.
GET MY EXCLUSIVE CYBERGUY TOTALAV DEAL:
Please note:
1) If you're having difficulty seeing either of the above deals, do this:
- If you're on a mobile device, hold down the link above, "Copy Link", and then paste it into a private or incognito browser.
- If you're on a laptop or desktop, right click the link, "Copy Link", and then paste it into a private or incognito browser.
2) During registration you may see optional upsells you can decline. Our top pick is the core antivirus product.
3) If you need help after your purchase, you can reach TotalAV directly through their official support page here.
2) Change and save passwords securely
Reusing weak passwords across multiple sites is an open invitation for scammers. If one site is breached, your Google account becomes vulnerable. A strong, unique password is your first line of defense.
The easiest way to manage this is with a password manager. Set it up first so it’s ready to generate and save your new Google password automatically. A good manager can generate complex passwords, store them securely, and fill them in when you need them. This way, you never have to remember dozens of different logins, and attackers can’t guess their way in.
Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
- Unlimited password storage
- Secure sharing
- Password health reports
- Auto-fill and emergency access
- Data breach monitoring to alert you if your credentials have been exposed
- A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
CyberGuy Exclusive Deal: Save 52% now with CyberGuy’s exclusive NordPass offer – Get 1 extra month FREE with a 2-year plan. Try 30 days risk-free for only $1.43 per month!
If you use a password manager, let it generate and save your new Google password automatically. If not, create one yourself that’s long, unique, and hard to guess. Avoid reusing old passwords.
On a computer (Desktop/Laptop)
- Go to your Google Account page (e.g., via accounts.google.com or by clicking your profile picture and selecting “Manage your Google Account”).
- Navigate to the “Security” section on the left.
- Under “How you sign in to Google,” click “Password.”
- You may be asked to sign in again for verification.
- Enter your new password (ideally strong and unique).
- Click “Change Password” to confirm.
On Android devices
Settings may vary depending on your Android phone’s manufacturer
- Open Settings on your Android device.
- Tap Google, then select your account and tap “Manage your Google Account.”
- Go to the “Security” tab.
- Under “How you sign in to Google,” find and tap “Password.”
- Verify your identity if prompted.
- Enter your new password, then tap “Change Password.”
On iPhone or iPad (iOS)
- Either open the Gmail app and tap your profile picture → Manage your Google Account, or go to myaccount.google.com in a browser.
- Tap the “Personal info” tab (or “Security” tab, depending on layout).
- Scroll to “Password” under either “Other info and preferences for Google services” or “How you sign in to Google.”
- Verify your identity if required.
- Enter your new password, then tap “Change Password.”
If You’ve Forgotten Your Password (Password Reset)
- Go to the Google Account Recovery page.
- Enter your email address or linked phone number and click “Next.”
- You may be prompted to enter:
- The last password you remember.
- A code sent via email or SMS.
- Answers to security questions.
- If needed, click “Try another way” to use alternate recovery methods.
- Once verified, you’ll be prompted to create a new password and click “Save password” or “Change Password.”
What Happens After Changing or Resetting Your Password
- You’ll be signed out of most devices, except: The device used to change your password and some third-party apps or smart home devices with existing access.
It’s a good idea to review all devices signed into your account and sign out any unfamiliar ones. Enable Two‑Step Verification (2FA) for added protection, or better yet, switch to passkeys, which offer enhanced security and phishing resistance.
3) Delete personal data that puts you at risk
Scammers often use information they find online to craft convincing attacks. If your email address, phone number, or even past passwords are floating around on data broker sites, criminals have more tools to impersonate you or trick you into revealing more.
Using a data removal service helps clean up your digital footprint. By reducing the amount of exposed information about you, it becomes much harder for scammers to target you directly.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
A Texas mom says she spent the night in jail after speaking up online about dirty water in her town. The case was later dropped, but her story raises a troubling question: could something you post online ever put you at risk?
Missed this event? Sign up via the registration form and see our live recording.
See Kurt’s Prime Day picks for useful gadgets, practical upgrades and everyday tech while the deals last.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.
The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.
Is your personal information exposed online?
Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.
4) Turn on two-factor authentication
Even the strongest password can be stolen, but two-factor authentication (2FA) adds an extra barrier. When enabled, Google will ask for a one-time code or prompt on your phone before granting access. That means even if a scammer manages to get your password, they can’t log in without also having your device.
Google offers several 2FA methods, from SMS codes to app-based prompts and even hardware security keys. For the best protection, choose app-based or hardware verification rather than text messages.
5) Keep your devices updated
Many scams rely on exploiting outdated software. If your phone, browser, or operating system isn’t up to date, attackers may use known vulnerabilities to install malware or hijack your session.
Set your devices to update automatically whenever possible. This ensures you’re always running the latest security patches, reducing the number of openings a scammer can use.
6) Regularly check Google account security settings
Google provides built-in tools to help users spot suspicious activity. By visiting your Google Account’s security page, you can see devices that have signed in, recent account activity, and whether recovery options like your phone number and backup email are up to date.
Running a Google Security Checkup only takes a few minutes and gives you a clear overview of any weaknesses. Think of it as a health check for your digital life.
Related Links:
- How to hand off data privacy for older adults to a trusted loved one
- The Data Broker opt-out steps every retiree should take today
- Stop data brokers from selling your information online
Kurt’s key takeaway
The incident is a reminder that even tech giants with vast resources are not immune to security lapses. While Google insists that no passwords, payment data, or Google Cloud/consumer product information were exposed, the wave of phishing and vishing scams shows how quickly criminals can weaponize even limited business contact details. What began as a breach of a corporate Salesforce system has become fuel for social engineering attacks that now threaten millions of everyday users.
Do you believe regulators should step in with stricter rules for how cloud providers handle security lapses? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🎙 Now Streaming: My New Podcast: The CyberGuy Report
Kurt’s Top Deals
Deals move fast and inventory can be limited, so don’t wait too long.
| 🔥 Editor’s pick  Summer entertaining Ninja SLUSHi Machine (26% off) Frozen drinks and slushies at home in minutes. | |
| 💰 Top deal  Outdoor essential TYPEC Solar Bug Zapper (36% off) Solar-powered bug zappers for patios and camping. |
