According to Google, cyberattacks have targeted 61% of email users, with text messaging posing significant risks for nearly all American mobile users. Over half of U.S. consumers have experienced a data breach, and more than 60% have reported an increase in scams over the past year.
Despite these alarming statistics, most users have not taken steps to upgrade their account security. Although there has been a push toward adopting passkeys and social sign-ins, the majority still rely on outdated methods like passwords and two-factor authentication. This includes all Google services and any sign-in that uses a Google account.
Digitally native Gen Z users are increasingly adopting more advanced authentication methods, moving away from traditional password-based security. Google warns that passwords are not only hard to remember but also more vulnerable to phishing and data breaches.
In light of this, Google is urging users to update their account security immediately to protect themselves from scammers. Passkeys—phishing-resistant authentication tools that function like unlocking a device—are central to this shift. They aim to simplify sign-ins while greatly improving account safety.
The advisory comes after Instagram CEO Adam Mosseri reportedly nearly fell victim to a phishing attempt. Mosseri revealed he was targeted by a convincing scam involving a fake Google phone call and a legitimate-looking email prompting a password reset.
Passkeys play a vital role in helping users access their favorite apps and websites through their Google accounts, reducing the need for multiple credentials. Tied primarily to a user’s phone, these digital keys act as secure gateways to essential accounts.
A report cited by Forbes and produced by cybersecurity firm Check Point emphasizes the urgency of upgrading security measures. Passwords remain a weak link, with credential dumps from breached companies circulating daily on the dark web. Password reuse remains common, and phishing attacks are becoming increasingly sophisticated. Human error continues to be a major vulnerability.
Check Point notes that attackers often gain access through stolen credentials via phishing, social engineering, credential stuffing, or brute-force attacks. Once inside, they escalate privileges and extract data—frequently going undetected for months.
Google and Apple users should be alert to emails or texts claiming their credentials were compromised and urging immediate password resets. These messages may contain phone numbers for fake support lines or malicious links. According to Google, it will never contact users to reset passwords or resolve account issues—any such messages should be deleted immediately.
