Technologies

Gmail Hacked? How to Get Your Account Back and Tighten Your Security

Gmail accounts are being compromised in a sophisticated phishing attack. If you lost access to your account, here’s what you can do – and how to be better prepared.

Gmail users are again falling victim to a sophisticated phishing attack that is locking victims out of their accounts. While these sorts of attacks are nothing new, cybercriminals now have AI on their side to help them come up with new ways to trick people into falling for their traps.

Right now, that trickery is taking the form of an email that looks convincingly like it’s from Google, with an urgent call to action regarding a legal matter and a link for more information, according to a report from Forbes published on April 21.

But if you interact with the email, your credentials could be stolen, your password changed and new security measures put in place to keep you from getting back into your account. If you find yourself in this boat — from this phishing attack or another — hope isn’t lost. If you have the proper measures in place and you act quickly, you can regain access.

A Google spokesperson told Forbes that a fix for this particular scenario will soon be deployed.

Read on to find out what to do in case your Gmail account is hacked and you can no longer log in. We’ll also throw in some additional security measures so you can potentially make your account less vulnerable.

For more, don’t miss Android security and privacy features you should know about.

If your Gmail account was compromised, do this

This particular attack isn’t necessarily special, but it does show that cybercriminals are relentless in looking to gain access to user accounts by creating increasingly sophisticated methods of attack. And it is all too easy to fall victim to phishing attacks. Gmail is the most popular email service, so it makes sense for the bad guys to prioritize it. Google even has a quiz to help you spot these types of emails.

If you had your account hacked, regaining access can be tricky. What information and recovery measures were in place will play a factor in your success and in the time it could take to recover your account.

Start by going to https://accounts.google.com/signin/recovery and answer the questions to the best of your ability. If you had any additional emails or phone numbers associated with your account, this information may be able to help you, even if it’s been removed from your account. Google has additional tips that may help you when completing the account recovery module, like making sure you’re completing these steps in a familiar location and with a familiar device.

After some digging, including going through a series of help requests about a compromised account, the writer of the Forbes report was able to receive a callback from Google directly. A key factor here, though, was that it required the Google One Premium subscription that offers additional storage, AI features and other benefits.

Prevention is the best method: How to secure your Gmail account

There’s a reason why you’ll find more support articles from Google that will show you how to prevent bad actors from getting into and wreaking havoc on your Gmail account than you’ll find articles about recovering from a phishing attack. That’s because it’s much easier to prevent a hack than it is to prove you’re the one trying to regain access to your account.

If you’re luckily reading this as a preventive measure to protect your Gmail account, here are things you can and should do to keep your account safe.

One of the easiest ways to increase the security of your account is adding a recovery email and phone number to your account account. Here’s how to do it.

From your computer, head to myaccount.google.com and login to your account
Click on the Security tab on the left side panel
Under the How you sign in to Google section, click Add an email address next to Recovery email. You can add a phone number in this section by clicking 2-Step Verification phone.
Both of these methods will require verification before they’re added to your account.

Additional security measures you should enable

By adding a recovery phone and email to your Google account, you’ll save yourself a lot of time if you need to confirm your identity to regain access to your account, but that’s essentially the bare minimum. There’s still so much more you can do to protect your Google account, which will in turn protect your Gmail account.

True, additional security can come at the expense of convenience. Some of the methods may be slightly less secure but keep your convenience balanced, where others may be much more secure and the convenience dial turned all the way down.

The security focus is primarily going to be enabling two-step verification when you sign into your Google account or any of its apps, like Gmail.

Two-step verification options

There are a handful of ways to add a second layer of security when signing into your Google account. You can enable one or more at a time.

Passkeys — You can save a passkey to your device that can be used instead of logging in with a password. Passkeys, which are secure, FIDO credentials, can be saved with password managers on computers or mobile devices and just need to be verified with biometrics or a PIN.
Security Key — This is probably the most secure but most inconvenient method. It will require you to purchase a physical security key and insert it into the device you’re trying to log into. There are several NFC-enabled security keys available as well.
Two-step verification phone — With this enabled, you’ll be sent a code via text message that you can input into the device you’re signing into. SMS has its own security concerns, though.
Authenticator app — This method requires a one-time setup for your account. Once it’s enabled, you’ll be asked to provide a temporary code from your authenticator app in order to log in.
Google prompt — This method is very convenient. You’ll receive a popup on your phone from Google that you’ll need to tap to confirm it’s you that’s logging into your account on a new device.
Backup codes — This method will generate a series of unique codes that you store in a safe place and can use when you get locked out of your account.

Consider the Google Advanced Protection Program

Google offers an advanced protection program that doubles down on security. The above two-step verification methods will typically be enough for you to skip your login credentials, but the Google Advanced Protection Program requires you to use a passkey or security key and your login credentials to access your account. Google encourages journalists, activists, business executives and people involved in elections to enroll, but it’s a free program that anyone can use.

For more, check out our Cybersecurity hub.

Technologies

Today’s Wordle Hints, Answer and Help for July 5, #1477

Here are hints and the answer for today’s Wordle for July 5, No. 1,477.

Looking for the most recent Wordle answer? Click here for today’s Wordle hints, as well as our daily answers and hints for The New York Times Mini Crossword, Connections, Connections: Sports Edition and Strands puzzles.

Today’s Wordle puzzle is a pretty tough one. I grew up on a farm, so I know the word, but I didn’t put it together right away, even though the letters are common ones. If you need a new starter word, check out our list of which letters show up the most in English words. If you need hints and the answer, read on.

Today’s Wordle hints

Before we show you today’s Wordle answer, we’ll give you some hints. If you don’t want a spoiler, look away now.

Wordle hint No. 1: Repeats

Today’s Wordle answer has no repeated letters.

Wordle hint No. 2: Vowels

There is are two vowels in today’s Wordle answer.

Wordle hint No. 3: First letter

Today’s Wordle answer begins with the letter B.

Wordle hint No. 4: Down on the farm

Today’s Wordle answer describes a piece of farm equipment.

Wordle hint No. 5: Meaning

Today’s Wordle answer refers to a machine for making paper, hay, or cotton into bales.

TODAY’S WORDLE ANSWER

Today’s Wordle answer is BALER.

Yesterday’s Wordle answer

Yesterday’s Wordle answer, July 4, No. 1476 was CURVE.

Recent Wordle answers

June 30, No. 1472: BLINK

July 1, No. 1473: MOLDY

July 2, No. 1474: INCUR

July 3, No. 1475: POPPY

Technologies

Today’s NYT Strands Hints, Answers and Help for July 5, #489

Here are hints and answers for the NYT Strands puzzle for July 5, No. 489.

Looking for the most recent Strands answer? Click here for our daily Strands hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle, Connections and Connections: Sports Edition puzzles.

The theme of today’s NYT Strands puzzle isn’t terribly tough, but at least one of the words is unusual and really, really long to unscramble. If you need hints and answers, read on.

I go into depth about the rules for Strands in this story.

If you’re looking for today’s Wordle, Connections and Mini Crossword answers, you can visit CNET’s NYT puzzle hints page.

Read more: NYT Connections Turns 1: These Are the 5 Toughest Puzzles So Far

Hint for today’s Strands puzzle

Today’s Strands theme is: Every second counts.

If that doesn’t help you, here’s a clue: Does anybody really know what time it is?

Clue words to unlock in-game hints

Your goal is to find hidden words that fit the puzzle’s theme. If you’re stuck, find any words you can. Every time you find three words of four letters or more, Strands will reveal one of the theme words. These are the words I used to get those hints but any words of four or more letters that you find will work:

DIAL, SOLE, MOLE, MOLES, SHAKE, CHEEP, ROLE, HOME, LOCK, MEAT, TAME, TAMES, ROLES, ROON, TRON

Answers for today’s Strands puzzle

These are the answers that tie into the theme. The goal of the puzzle is to find them all, including the spangram, a theme word that reaches from one side of the puzzle to the other. When you have all of them (I originally thought there were always eight but learned that the number can vary), every letter on the board will be used. Here are the nonspangram answers:

CLOCK, WATCH, SUNDIAL, HOURGLASS, CHRONOMETER

Today’s Strands spangram

Today’s Strands spangram is TIMEKEEPERS. To find it, look for the T that’s four letters down on the far left, and wind across.

Technologies

Microsoft Is Eliminating Passwords in August: Here’s What You Need to Do to Prepare

Microsoft Authenticator has already stopped autofilling passwords, but the biggest change comes next month.

In June, Microsoft Authenticator stopped letting users create new passwords. In July, it turned off the autofill password function. And in August, the login app will stop supporting passwords entirely, moving to more secure passkeys, such as a PIN, fingerprint or facial recognition.

Attila Tomaschek, CNET’s software senior writer and digital security expert, says that passkeys are a safer alternative to the risky password habits practiced by 49% of US adults, according to a recent survey by CNET.

«Passwords can be cracked, whereas passkeys need both the public and the locally stored private key to authenticate users, which can help mitigate risks like falling victim to phishing and brute-force or credential-stuffing attacks,» Tomaschek said.

Using the same password for several accounts or adding personal hints can be a convenient way to remember your login. But that puts you at a big risk for scammers, identity theft and fraud. Here’s more on Microsoft’s plan for eliminating passwords and how to make the switch to passkeys before August.

When will Microsoft Authenticator stop supporting passwords?

Microsoft Authenticator houses your passwords and lets you sign into all your Microsoft accounts using a PIN, facial recognition like Windows Hello, or other biometric data like a fingerprint. Authenticator can be used in other ways, such as verifying you’re logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your accounts. In June, the company stopped letting users add passwords to Authenticator, but here’s a timeline of other changes you can expect from Microsoft.

July 2025: You won’t be able to use the autofill password function.
August 2025: You’ll no longer be able to use saved passwords.

If you still want to use passwords instead of passkeys, you can store them in Microsoft Edge. However, CNET experts recommend adopting passkeys during this transition. «Passkeys use public key cryptography to authenticate users, rather than relying on users themselves creating their own (often weak or reused) passwords to access their online accounts,» Tomaschek said.

Why are passkeys a better alternative to passwords?

So what exactly is a passkey? It’s a credential created by the Fast Identity Online Alliance that uses biometric data or a PIN to verify your identity and access your account. Think about using your fingerprint or Face ID to log into your account. That’s generally safer than using a password that is easy to guess or susceptible to a phishing attack.

Passkeys aren’t stored on servers like passwords. Instead, they’re stored only on your personal device. More conveniently, this takes the guesswork out of remembering your passwords and the need for a password manager.

How to set up a passkey in Microsoft Authenticator

Microsoft said in a May 1 blog post that it will automatically detect the best passkey to set up and make that your default sign-in option. «If you have a password and ‘one-time code’ set up on your account, we’ll prompt you to sign in with your one-time code instead of your password. After you’re signed in, you’ll be prompted to enroll a passkey. Then the next time you sign in, you’ll be prompted to sign in with your passkey,» according to the blog post.

To set up a new passkey, open your Authenticator app on your phone. Tap on your account and select «Set up a passkey.» You’ll be prompted to log in with your existing credentials. After you’re logged in, you can set up the passkey.