Google fixes dangerous Gmail bug, but how to protect your account against phishing attacks?

Google has fixed a major security bug recently found in Gmail and the G-Suite software suite.
Because Gmail has millions of users, even the slightest bug in it can be a big hassle for the whole internet, since it also affects other Google services and applications.
A recent security bug allowed hackers to send emails that appeared to come from other Gmail users, with the same appearance and sender, in order to deceive recipients.
This unusual security bug, which lets any hacker impersonate a Gmail user, was first discovered by a security researcher named Allison Husain.
The bug is a combination of vulnerabilities and G-Suite exploits in the backend that allow hackers to manipulate email routing information. This trick could be used as a pretext for attacks and phishing campaigns against Gmail and G-Suite users.
As a result of this manipulation, the internal security features of Gmail and G-Suite do not detect these emails as malicious, and they cannot easily be categorized as spam or promotional emails.
Allison reported the vulnerability to Google in early April, but apparently only after 137 days did Google take the issue seriously and take action to fix the bug.
Google had planned to fix the issue in September with an update, but the release of the exploit code on Allison's blog caused Google to react seven hours later.
This proves once again how effective white-hat hackers and security researchers are in securing the Internet and online space, and in forcing large companies like Google to react and secure their platforms and software.
Three basic tricks to protect your Gmail account
In general, to protect your Gmail account from phishing attacks or from security bugs that have not yet been detected, it is better to follow some safety and prevention tips. Here are three basic things that every Gmail user should do:
Two-step authentication to deal with invalid logins
Two-step authentication (2FA) adds a strong layer of security to your Google Account. Even if your Google Account is compromised or hacked, an additional level of access is still needed to fully log in to your account.
Follow the steps below to enable two-step authentication:
1. Enter your Google Account settings via the link https://myaccount.google.com.
2. From the menu on the left, click on the Security option.
3. In the Signing in to Google section, click on the 2-Step Verification option.
4. Click Get started.
5. Follow the steps to the end to activate two-step authentication for your account.
Configure recovery options if your account is lost
If you are lucky, the hacker may leave you a way to access your account again and get it back. Google provides various ways to recover accounts through secondary and alternative emails or mobile numbers:
1. Enter your Google Account settings via the link https://myaccount.google.com.
2. From the menu on the left, click Personal info.
3. From the Contact info section, select the Add a recovery phone option.
4. In this section, you can add a new mobile number or edit your previous mobile number. By clicking on the Edit option, you can delete a mobile number and enter another one.
5. Go through all the steps mentioned and finish.
6. You can return to your account settings again and, from the Personal info » Contact info section, click on the Email option.
7. Again in this section, by clicking on the Edit option, you can edit or delete an old email address and enter a new email address.
Follow the important anti-phishing tips
Even after you increase the security level of your Google and Gmail accounts, you may still be exposed to phishing attacks. Therefore, you need to be vigilant in dealing with phishing and consider the following important points:
1. Always pay attention to the sender of the emails and make sure it is a certified and familiar sender. If an email has been sent to you by a company or institution, be suspicious and try to check the other information in the sender section.
2. Do not click on links, photos, attachments or anything suspicious in emails.
3. Never open an email from a sender you are not familiar with.
4. Never download an attachment from an anonymous email.
5. If an email asks you to enter any personal information into a system or page, ignore this email.
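Tip 1 above says to check the other information in the sender section. As an added example (not from the original article), this Python function compares the From address with Reply-To and Return-Path and reads the SPF, DKIM and DMARC verdicts in the receiving server's Authentication-Results header; the sample message and all of its domains are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.com
From: "Example Bank Support" <support@example.com>
Reply-To: help@example-support.test
To: user@example.org
Subject: Verify your account

Please confirm your details.
"""

def domain(addr_header):
    """Return the lowercased domain of an address header, or '' if absent."""
    addr = parseaddr(addr_header or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_warnings(raw):
    """List reasons the sender information of a raw message looks inconsistent."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    warnings = []
    if not from_dom:
        warnings.append("no parsable From address")
    # A differing domain is a signal to look closer, not proof of spoofing.
    for header in ("Reply-To", "Return-Path"):
        dom = domain(msg[header])
        if dom and dom != from_dom:
            warnings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is added by the receiving mail server; unfold it first.
    results = " ".join(msg.get_all("Authentication-Results") or [])
    results = " ".join(results.split())
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", results, re.I)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            warnings.append(f"{method} result is {verdict}")
    return warnings

if __name__ == "__main__":
    for w in sender_warnings(SAMPLE):
        print("WARNING:", w)
```

An empty list is not proof that a message is genuine: as described above, emails abusing the Gmail bug were not detected as malicious by Gmail's own checks, so treat these headers as one signal among the tips in this list.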