PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Google Debuts New Alert For When a Hacker Possibly Broke Into Your Account

'The new alerts are resistant to spoofing, so you can always be sure they're coming from us,' Google said in redesigning the 'critical alert' notification.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

(Credit: Google)


Google has come up with a new way to alert you about potential hacks on your user account. 

On Wednesday, the company debuted the redesigned “critical alert” notification, which should be impossible for hackers to spoof. 

Unlike an email message, the alert can pop up directly over any Google app you're using as its own unique notification. When you click through it, Google will tell you it’s possible a hacker may have broken into your account. You can then lock down access and boot the potential intruder out. 

Google

“When we detect a serious Google Account security issue, we’ll automatically display an alert within the Google app you’re using and help you address it —no need to check email or your phone’s alerts,” wrote Google Vice President  Rahul Roy-Chowdhury in a blog post today. 

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

“The new alerts are resistant to spoofing, so you can always be sure they're coming from us,” he added. “We’ll begin a limited roll out in the coming weeks and plan to expand more broadly early next year.”

According to The Verge, the new alerts will first arrive for iOS users. The redesign builds on top of Google’s current safeguards, which can already use Android push notifications to alert you about unauthorized sign-ins to your account.

The Android push-based alert
The Android push-based alert (Credit: Google)

In addition, Google will use email messages to tell users about suspicious login attempts that’ve been prevented. However, the email-based alerts can be easily overlooked when they appear in the user’s inbox alongside numerous other emails.

The other problem is hackers, who can also create fake email alerts pretending to be Google. This happened during the 2016 presidential race when suspected Russian hackers targeted Hillary Clinton aides with spoofed email messages from Google, warning them their passwords had been stolen. The spoofed messages then told the aides to change their passwords by clicking on a link, but doing so actually handed the hackers access to their Gmail accounts. 

Google’s security team is well aware of the phishing threat. As a result, the company is experimenting with placing “badges” in the Gmail inbox to distinguish official messages from the company. 

“So I definitely expect to see a differential surfacing, or channel, being made available for security notifications to make them much, much harder to miss,” added Jonathan Skelker, Google product manager. 

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio