Google is once again urging users to upgrade their account security by moving away from password-only access, as cyber scams grow increasingly sophisticated.

The warning follows an attempted phishing attack on Instagram boss Adam Mosseri, who revealed he had been targeted by a convincing scam involving a fake Google phone call and a seemingly legitimate email prompting him to change his password.

Though Google quickly traced and suspended the accounts involved, the incident highlights the evolving nature of online threats. The company has reiterated that it never contacts users by phone or email about password changes or account issues. Any such message should be considered a scam.

In response, Google is encouraging users to adopt stronger security methods, such as Passkeys-a login system that replaces passwords with biometric authentication via a trusted device like a smartphone. This can include fingerprint recognition, facial scan, or the phone's screen lock.

The tech giant also recommends using two-factor authentication (2FA), but advises against relying on SMS codes or email-based verification, which can be intercepted. Instead, users should opt for an authentication app or use Passkeys for greater protection.

With scams becoming more difficult to detect, Google's message is clear: take proactive steps to secure your account. Users who receive suspicious communication claiming to be from Google are advised to avoid engaging and verify concerns through Google's official support channels.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!