In response to increasing cybersecurity threats, security researchers at Malwarebytes uncovered a phishing scam impersonating Google's account protection system. The scam, utilizing the dubious domain google-prism[.]com, lures unsuspecting users under the guise of a necessary security check. Accessing this fraudulent page leads to the installation of a malicious web app, which grants attackers access to sensitive information. This app can monitor clipboard activity, gather personal contacts, and track GPS location data without users' full awareness. Malwarebytes reports that once an individual approves the required permissions and installs the app, they inadvertently allow the attackers to exploit various parts of their devices. The implications of this scam are significant, as the web app is engineered to steal two-factor authentication codes, vital for protecting accounts from unauthorized access. Although Android systems feature Google Play Protect for added security against such threats, those employing different platforms, or who download software from unverified sources, find themselves at heightened risk. In light of the growing sophistication of such attacks, Google has been urged to take stronger measures against similar phishing schemes. Users are advised to remain vigilant when encountering prompts for security verifications, particularly on questionable domains. Recognizing and responding quickly to signs of phishing can greatly reduce the risk of coercive data exploitation. Engaging in proactive habits, such as checking browser extensions and monitoring accounts for unusual activities, is vital for protecting personal data. Helpful tips include dismissing notifications that redirect to sites claiming to be affiliated with established companies without direct verification. For a safer online experience, users should always navigate to websites manually by entering the official URL rather than clicking on links from emails or unexpected prompts.