Cyber Safe Center Newsletter
Posts
Phantom Hacker Scam & 2.5B Gmail accounts info exposed

Phantom Hacker Scam & 2.5B Gmail accounts info exposed

Today's newsletter covers FBI warning's of the Phantom Hacker Scam & 2.5 billion Gmail accounts information exposed.

Cassie Crossley
September 01, 2025

In this issue:

Threat of the week: FBI warning of the Phantom Hacker Scam
2.5 billion Gmail accounts information exposed
New section: SPAM example of the week
SO MANY Data breach notifications this week

FBI warning: Phantom Hacker Scam

The FBI reissued a warning this week about a scary scam known as "Phantom Hacker". There are three phases to the scam and it's very easy to get caught up into the web of lies the scammers put together. Many people have lost their life savings, so please do everything you can to protect yourself and your family.

Here are the three phases where they pose as imposters:

Tech Support Imposter: The first scammer poses as a technical or customer support person and have you install something or go to a malicious web page. They claim your computer has been hacked and tells you to check your financial accounts to make sure the accounts haven't been compromised (while they are secretly watching you access the websites). They tell you to wait for a call from the financial company's fraud department.
Financial Institution Imposter: The second scammer calls you to let you know your accounts are compromised and that the funds need to be moved to a safe account with the Federal Reserve or another US Government agency. They have you move money through wire transfer, cash, or cryptocurrency.
US Government Imposter: The third scammer contacts you by phone, email, or letter. They request that the money be moved again to a different safe account.

I haven't heard of anyone that was a victim to all three phases, but each one on it's own is an existing scam that is stealing BILLIONS of dollars each year.

No legitimate person will ever call you and tell you to transfer money or help you with your account. And you also should be extremely cautious of every link and phone number you find on the internet. Even Google's AI has given fake support phone numbers in it's responses.

If you are ever unsure of a link or who to contact, let me try to validate the information or find a legitimate contact for you.

2.5 billion Gmail accounts information exposed

If you use Gmail (I have several accounts), here’s some a major risk you should be aware of concerning your accounts. Google recently confirmed a massive data incident that could potentially affect up to 2.5 billion accounts. Before you panic—no, hackers didn’t break into your inbox and read your emails. But what happened is still serious enough to warrant a password change.

The situation started when cybercriminals tricked a Google employee into handing over access to a Salesforce database. This wasn’t Gmail itself being hacked, but the database contained contact details, email addresses, and other account information tied to Google services. Think of it as thieves stealing the “address book,” not the contents of your house.

So why should you care? Because that kind of info is gold for scammers. With your email address in hand, they can launch highly targeted phishing attacks (“click this link to reset your account”), fake tech support calls, or even messages that look like they’re straight from Google.

Here’s how you can protect yourself right now:

Change your Gmail password to something strong and unique. I’ve talked about having strong passwords in previous articles (passwords discussed here and passkeys discussed here), so please make sure you have a Gmail password that you aren't using anywhere else and cannot be cracked by scammers.
Turn on multi-factor authentication (MFA). This means even if someone gets your password, they still can’t log in.
Run Google’s Security Checkup. It walks you through reviewing devices, apps, and sign-ins connected to your account.

Gmail itself wasn’t broken into yet, but maybe we'll learn more as time goes on. Hackers don’t need your actual emails to cause trouble—sometimes just having your contact info is enough. Staying one step ahead with fresh security habits keeps you safe.

New Section: SPAM example of the week

I get so many spam/scam texts and emails that I thought I should show how I recognize that it is spam and thus on it’s way to being a scam.

SO MANY Data breach notifications this week

Most of the time these will be companies that you don’t have any personal data with, but scan the names to make sure you aren’t affected.

Here’s a good list of active healthcare breaches: U.S. Department of Health & Human Services - Office for Civil Rights

Here’s a new page of the personal data breaches that I’ve been noting in the newsletter: https://cybersafecenter.com/personal-data-breaches/

And here is this week’s batch of notifications:

Aspire Rural Health System: 140k people: Aspire Rural Health System Data Breach Impacts Nearly 140,000

CPAP Medical: 90k people: CPAP Medical Data Breach Impacts 90,000 People

Farmers New World Life Insurance: 40k people: Farmers Insurance Data Breach Impacts Over 1 Million People

Farmers Group: 1M individuals: Farmers Insurance Data Breach Impacts Over 1 Million People

Intel: 270k workers: Intel Employee Data Exposed by Vulnerabilities

TransUnion: 4.4M individuals: TransUnion Data Breach Impacts 4.4 Million

Healthcare Services Group: 624k individuals: Healthcare Services Group Data Breach Impacts 624,000

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com