The latest Gmail hack attack involves a sophisticated phishing campaign that employs the use of an OAuth application and what has been described as a “creative DomainKeys Identified Mail workaround” to fool victims into thinking a security alert email originated from Google itself. In other words, it has managed to bypass the exact protections that Google has put in place to help prevent such attacks in the first place. Google says you have 7 days in which they can undo the damage and regain access to that hacked account. The good news is that Google has confirmed it is putting out updated protections that counter the threat methodology used in this attack. “These protections will soon be fully deployed, which will shut down this avenue for abuse.” Anyone who finds themselves locked out of their Gmail account following a successful attack, where the hacker has changed their account password and recovery methods, still has seven days in which they can undo the damage and regain access to that hacked account.