Google New Login Text Scam: The Fake Unrecognized Device Alert
Written by: Thomas Orsolya
Published on:
The Google New Login Text Scam is a fake security alert designed to scare people into calling a fraudulent support number. The message claims there was a new login to your Google account from an unknown device, then pressures you to call immediately if it was not you.
The real goal is not to protect your account. It is to move you onto a phone call with scammers who pretend to be Google security agents, fake tech support staff, or account recovery specialists.
Scam Overview
The scam usually starts with a text message that looks urgent and official. It may say something like:
Google: New log In from an unrecognized device (Windows, Chicago). If NOT YOU, immediately call +44… to secure YOUR account.
The exact wording changes, but the structure is usually the same. The message mentions “Google,” claims there was a suspicious login, names a device or location, and gives a phone number to call. Sometimes the number may appear to be from the UK, the US, or another country. Scammers can also spoof caller ID or sender information, so the number shown on your phone is not reliable proof of who sent the message.
This scam is dangerous because it imitates a real fear. Most people understand that a hacked Google account can be serious. Your Gmail, photos, saved passwords, YouTube account, Google Drive files, Android backups, business accounts, and recovery emails may all be connected to that one login. So when a text says someone accessed your account from an unknown device, it creates instant panic.
That panic is exactly what the scammers want.
A real Google security alert may warn you about unusual activity or a new device, but Google’s official guidance points users to review security events from inside their Google Account, not to call a random number in a text message. Google’s help pages explain that suspicious activity can include a new device login, a security settings change, or activity you do not recognize, and Google tells users to review recent security events from their account security settings.
The fake text skips that safe process. Instead, it gives you a phone number and pressures you to call immediately. That is the trap.
Once you call, the scam shifts from a text scam into a tech support scam. The person who answers may sound calm, trained, and professional. They may say they are from “Google Security,” “Google Account Protection,” “Google Fraud Department,” or a third-party support team working with Google.
They will usually claim your account is under attack. They may say your device is infected, your Gmail has been hacked, your bank accounts are at risk, or someone is using your identity. Then they will push you to install remote access software such as AnyDesk, TeamViewer, UltraViewer, Zoho Assist, or another screen-sharing tool.
Remote access tools are legitimate when used by real IT teams. In this scam, they are abused. Once the scammer can see or control your screen, they can guide you through fake “security checks,” view private information, steal login details, manipulate banking pages, install more software, or pressure you into sending money.
The FTC specifically warns that tech support scammers may claim there is something wrong with your computer, ask for remote access, and then demand payment.
A common version of this scam turns into a fake refund or fake account protection story. The scammer may say they need to “reverse a fraudulent charge,” “refund your account,” “secure your banking connection,” or “verify your identity.” They may ask you to open your bank account while they are connected remotely. They may then claim they accidentally refunded too much money or that your account must be “protected” by moving funds elsewhere.
Another version ends with gift cards. The scammer may tell you to buy Apple, Google Play, Steam, Target, Walmart, or other gift cards, then read the codes over the phone. This is always a scam.
The Google New Login Text Scam is effective because it combines several powerful manipulation tactics:
A trusted brand name: Google
A scary claim: your account was accessed
A suspicious location or device: “Windows, Chicago”
Urgency: “If NOT YOU, immediately…”
A simple action: call this number
A fake solution: remote support will “secure” your account
The message may also contain odd grammar, strange spacing, capitalized words, or awkward line breaks. These are common red flags, but scammers do not need perfect writing to succeed. They only need the message to create enough fear for someone to call.
How The Scam Works
1. You Receive a Fake Google Security Text
The first step is the SMS. It is written to look like a Google security warning. It may say there was a new login from Windows, Mac, iPhone, Android, Chrome, or an unknown device. It may also name a city, state, or country to make the alert feel specific.
Examples may include:
“Google: New login from an unrecognized device.”
“Google Security Alert: Login attempt from Windows.”
“Your Google account was accessed from Chicago.”
“If this wasn’t you, call support immediately.”
“Suspicious Google sign-in detected. Call now to secure your account.”
The scammer wants you to focus on the fear, not the details. The phone number is the most important part of the message. That number connects you to the fraud operation.
2. The Message Pushes You to Call Instead of Checking Your Account Safely
This is the key red flag.
A legitimate account security process should lead you to your account settings, not to a random phone number. Google’s official account recovery and security guidance tells users to review security events, check suspicious activity, and secure the account through Google Account settings.
The scam text does the opposite. It wants you to call before you think.
That matters because phone calls are easier for scammers to control. On a call, they can interrupt you, create pressure, sound confident, and adapt their story based on your reactions. They can also keep you from verifying the message independently.
3. A Fake Support Agent Answers the Phone
If you call, the person on the other end will usually pretend to be part of Google or a related security team. They may ask for your name, phone number, email address, device type, or account details.
They may say things like:
“Your account has been accessed from multiple locations.”
“Your phone has been infected.”
“Hackers are using your Gmail.”
“Your bank account may be connected to the attack.”
“We need to secure your device immediately.”
“Do not hang up, or the hackers may regain access.”
This is psychological pressure. The scammer wants you to believe the situation is urgent and that they are the only person who can fix it.
4. They Claim Your Device Is Infected or Hacked
After a few minutes, the fake agent will usually expand the problem. The text started with a Google login, but now the scammer may claim the issue is much bigger.
They may say your entire phone, computer, or home network is compromised. They may claim that foreign hackers, fake IP addresses, banking malware, or identity thieves are involved.
This is where the scam becomes more dangerous. The scammer is setting up a reason to ask for remote access.
5. They Ask You to Install AnyDesk or Similar Remote Access Software
The scammer may ask you to install AnyDesk, TeamViewer, UltraViewer, Zoho Assist, or another remote support tool. They will describe it as a “security scanner,” “Google support tool,” “account verification tool,” or “screen sharing app.”
They may say they only need to “see the problem.” In reality, remote access can allow them to watch what you type, guide you into sensitive pages, change settings, install programs, or control your device.
The FTC warns that remote access requests are a classic part of tech support scams.
Once connected, they may open harmless system screens and pretend they show hacking. On Windows, scammers often misuse normal logs, warnings, or command prompt output to make the victim believe the computer is infected. On phones, they may point to normal app permissions, storage information, or system messages and claim these are signs of hacking.
6. They Try to Access Your Bank, Email, or Payment Accounts
After gaining your trust, the fake support agent may ask you to log in to your bank account, PayPal, Cash App, Coinbase, Gmail, or other accounts. They may say they need to verify whether hackers stole money or connected fraudulent accounts.
This is extremely risky. If a scammer is connected remotely, they may be able to see your screen, capture sensitive information, or guide you into authorizing transfers.
They may ask for:
Online banking login details
One-time verification codes
Credit card numbers
Debit card numbers
Recovery codes
Google verification codes
PayPal or crypto account access
Screenshots of identity documents
Photos of gift card receipts
Remote access permissions
Never share verification codes with someone who called you or someone you reached through a suspicious text. A real security team does not need your one-time code to “secure” your account.
7. They Demand Gift Cards, Bank Transfers, Crypto, or “Refund” Steps
At some point, the scam usually becomes financial. The scammer may claim you need to pay for security software, reverse a fraudulent transaction, protect your money, or complete a refund.
Gift cards are especially common because they are fast, hard to reverse, and easy for criminals to resell. The scammer may stay on the phone while you drive to a store, buy cards, scratch the codes, and read the numbers aloud.
This is not how Google, banks, police, or real tech support companies operate. Anyone who asks for gift cards as payment is running a scam.
8. They May Continue Contacting You
If the scammers believe you are vulnerable, they may call again. They may claim the first payment failed, your account is still under attack, or a refund is pending. They may also pass your information to other fraud groups.
Some victims are contacted later by fake “recovery agents” who claim they can get the money back. These are often secondary scams.
Red Flags in the Google New Login Text Scam
This scam has several warning signs:
The text tells you to call a phone number to secure your Google account.
The message creates panic with phrases like “If NOT YOU” or “immediately.”
The grammar, spacing, or punctuation looks strange.
The sender is an unknown number or international number.
The message mentions a suspicious device or city but gives no safe account link.
The caller claims your device is infected or hacked.
They ask you to install AnyDesk or another remote access app.
They ask you to open your bank account while they are connected.
They request gift cards, crypto, wire transfers, or payment apps.
They ask for verification codes or passwords.
The biggest red flag is simple: a real account security alert should not require you to call a random number from a text message.
10 Common Google New Login Text Scam Variations
Scammers constantly change the wording of these fake Google security alerts, but the pattern is usually the same: they mention a suspicious login, create urgency, and push you to call a phone number or click a link. Below are common examples of what these scam texts may look like.
1. “New Login From an Unrecognized Device”
Google: New login from an unrecognized device. If this was NOT YOU, call +1-XXX-XXX-XXXX immediately to secure your account.
This is one of the most common versions. It tries to make the victim believe someone has accessed their Google account from a new device.
2. “Login From Windows in Chicago”
Google: New login from Windows, Chicago. If you do not recognize this activity, contact Google Security at +1-XXX-XXX-XXXX.
Scammers often add a device type and city to make the alert feel more realistic. The location may be random and does not mean anyone actually logged into your account.
3. “Suspicious Sign-In Attempt Blocked”
Google Security Alert: Suspicious sign-in attempt blocked. Call support now at +1-XXX-XXX-XXXX to verify your account.
This version claims Google already blocked a login attempt, but still pressures you to call. The goal is to move you into a fake support call.
4. “Your Gmail Account Has Been Accessed”
Gmail Alert: Your account was accessed from an unknown browser. If this wasn’t you, call our security team immediately.
This version uses “Gmail” instead of “Google” because many people treat Gmail as their main online identity. The scammer wants you to panic about losing access to email.
5. “Google Account Temporarily Locked”
Google: Your account has been temporarily locked due to suspicious activity. Call +1-XXX-XXX-XXXX to restore access.
This message creates fear that you may lose access to your account unless you act quickly. In reality, the number connects to scammers, not Google.
6. “Device Infection Detected”
Google Security: Malware detected after recent login attempt. Call support immediately to remove infection and protect your account.
This version quickly turns the fake login alert into a fake tech support issue. If you call, scammers may claim your phone or computer is infected and ask you to install AnyDesk, TeamViewer, or another remote access app.
7. “Your Account Will Be Disabled”
Google Notice: Your account will be disabled in 24 hours due to suspicious login activity. Call verification support now.
This variation uses a deadline to stop you from thinking clearly. Real security issues should be checked directly inside your Google Account, not through a random phone number in a text.
8. “Unauthorized Recovery Number Added”
Google Alert: A new recovery phone number was added to your account. If this was not you, call +1-XXX-XXX-XXXX.
This version sounds serious because recovery numbers can be used to regain account access. Scammers use that fear to make you call.
9. “Payment or Banking Risk Warning”
Google Security: Your account may be linked to unauthorized banking activity. Call support now to secure your device.
This is a more aggressive version. It prepares the victim for the next stage of the scam, where fake support agents ask them to open online banking while connected remotely.
10. “Verification Required After New Login”
Google: New sign-in detected. Verification required. Call +1-XXX-XXX-XXXX to confirm identity and prevent suspension.
This message makes the call sound like a normal identity check. Once the victim calls, scammers may ask for verification codes, passwords, banking access, or gift card payments.
What To Do If You Receive This Text
Do not call the number. Do not reply. Do not click any links if the message includes them.
Instead, check your Google account manually. Open your browser or Google app yourself and go to your Google Account security settings. Review recent security events, signed-in devices, recovery email, recovery phone number, and two-step verification settings. Google’s official guidance says that if you find activity you do not recognize, you should mark it as not yours and follow the steps to secure your account.
You should also:
Block the sender.
Report the text as spam through your phone.
Report phishing or suspicious messages where possible.
Change your Google password if you see suspicious activity.
Turn on two-step verification or passkeys.
Remove unknown devices from your account.
Check Gmail forwarding rules, filters, and recovery settings.
If there is no suspicious activity in your Google Account, the text was likely only a lure to get you to call the scammers.
What To Do If You Called the Scam Number
If you called but did not install anything, share codes, or open accounts, hang up and block the number. Then check your Google Account security settings manually.
If you installed remote access software, take action immediately:
Disconnect from the internet Turn off Wi-Fi and mobile data or unplug your computer from the network. This can stop the remote session.
Uninstall the remote access software Remove AnyDesk, TeamViewer, UltraViewer, Zoho Assist, or any other tool the scammer asked you to install. Check whether unattended access was enabled.
Change passwords from a clean device Use another phone or computer that the scammer never accessed. Change your Google password, email password, banking password, PayPal password, and any other sensitive account passwords.
Revoke active sessions Sign out of all devices from your Google Account and other important accounts. Remove unknown devices.
Contact your bank immediately Call the number on the back of your card or use the official banking app. Tell them you may have been targeted by a tech support scam. Ask them to check for suspicious transfers, new payees, card activity, or account changes.
Cancel exposed cards If you typed card details while the scammer was connected, ask your bank to replace the card.
Report gift cards quickly If you bought gift cards and gave the codes to scammers, contact the gift card company immediately. Keep the card and receipt. The FTC advises contacting the issuer right away and reporting the scam.
Scan the device Run a full security scan. If the scammer had deep access or installed unknown tools, consider getting help from a trusted local technician.
Watch for follow-up scams Do not trust anyone who contacts you claiming they can recover the money for a fee.
Report the fraud In the US, victims can report scams to the FTC. Outside the US, report it to your national cybercrime authority, local police, bank, and mobile provider.
Is Your Device Infected? Scan for Malware
If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.
Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes
Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.
The Bottom Line
The Google New Login Text Scam is not a real Google security warning. It is a fake alert designed to make you call scammers pretending to be tech support.
Once on the phone, they may claim your device is infected, push you to install remote access software, ask you to open banking accounts, steal personal information, or pressure you into buying gift cards.
Do not call the number in the text. Check your Google Account directly through your own account settings, not through a phone number or link sent in an unexpected SMS. If someone claiming to be Google asks for remote access, gift cards, banking access, passwords, or verification codes, end the conversation immediately.
FAQ
Is the Google New Login text real?
In most cases, a text telling you to call a phone number because of a “new login” is a scam. Google may send legitimate security alerts, but you should never trust a random phone number included in an unexpected SMS. Check your account manually by going directly to your Google Account security settings.
Why did I receive a fake Google login alert?
You likely received it because your phone number is on a spam list, appeared in a data breach, was collected from an online form, or was randomly targeted by automated scam systems. Receiving the text does not automatically mean your Google account was hacked.
What happens if I call the number in the text?
You may reach a fake tech support center. The scammer may pretend to be from Google and claim your device is hacked, infected, or being used by criminals. They may ask you to install remote access software, open your bank account, provide verification codes, or buy gift cards.
Does Google call users to secure their accounts?
Google does not normally ask users to call random phone numbers from SMS alerts to secure their accounts. If there is a real issue, you should review the alert from inside your Google Account or Gmail, not through a phone number sent by text.
What should I do if I received this scam text?
Do not call the number, do not reply, and do not click any links. Open your Google Account manually, review recent security activity, check signed-in devices, and change your password if you see anything suspicious. Then block and report the text as spam.
What should I do if I already called the scammers?
Hang up immediately. Do not follow any more instructions. If you did not install anything or share information, check your Google account security settings and block the number. If you shared details, installed remote access software, or opened banking pages, take stronger action immediately.
What if I installed AnyDesk, TeamViewer, or another remote access app?
Disconnect your device from the internet, uninstall the app, and check whether unattended access was enabled. Then change your passwords from a different clean device. Contact your bank if you opened financial accounts while the scammer was connected.
What if I gave the scammer a verification code?
Change your Google password immediately from a clean device. Sign out of all devices, remove unknown recovery options, enable two-step verification or passkeys, and check whether your Gmail forwarding rules or filters were changed. A verification code can let scammers access or take over accounts.
What if I bought gift cards and gave the codes?
Contact the gift card company immediately and report the fraud. Keep the receipts and the physical cards. Recovery is not guaranteed, but acting fast gives you the best chance of stopping the funds from being used.
Can scammers steal money if they only saw my screen?
Yes. If they watched you log in to banking, email, PayPal, crypto, or other sensitive accounts, they may have seen private information. They may also have guided you into approving transactions, adding payees, changing settings, or revealing codes. Contact your bank and change important passwords.
Should I change my Google password after receiving the text?
If you only received the text and did not interact with it, changing your password is optional unless you see suspicious account activity. However, it is still smart to review your Google security settings, remove unknown devices, and make sure two-step verification is enabled.
How can I tell if my Google account was actually hacked?
Check your Google Account security page directly. Look for unknown devices, unfamiliar locations, password changes, recovery email changes, recovery phone changes, suspicious Gmail filters, forwarding addresses, or security alerts you do not recognize.
Why do scammers ask for gift cards?
Gift cards are hard to reverse and easy for scammers to resell. No legitimate company, including Google, will ask you to buy gift cards to secure an account, remove a virus, reverse fraud, or process a refund.
Why do scammers ask for remote access?
Remote access lets scammers control or view your device. They can make fake “security scans” look convincing, watch you type passwords, push you to open bank accounts, or manipulate what appears on your screen.
What is the safest way to check a Google security alert?
Do not use the phone number or link in the message. Open your browser or Google app yourself, sign in to your Google Account, and review security activity from there. This avoids fake links, fake phone numbers, and fake support agents.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
