Google is taking new steps to notify users it believes may be the targets of state-sponsored cyber-attacks.
Notice of this threat came in a post on the company’s online security blog on Tuesday, along with various countermeasures users can take to protect themselves. A warning will appear at the top of the user’s browser in their Gmail account if Google suspects the account has been targeted by a state-sponsored attack.
“If you see this warning it does not necessarily mean that your account has been hijacked,” Google Vice President of Security Engineering Eric Grosse wrote on the company’s security blog. “It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account.”
Google recommended users create unique passwords with a mix of lower- and upper-case letters, as well as punctuation marks and numbers; employ two-step password verification; and make sure their software is updated. Users should also be aware of fake sign-in pages used to steal passwords.
“You might ask how we know this activity is state-sponsored,” Grosse wrote. “We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis — as well as victim reports — strongly suggest the involvement of states or groups that are state-sponsored.”
Foreign Policy magazine confirmed in a report on Tuesday that a senior Senate aide received a warning in his Gmail account that Google “suspected he had been the target of a state-sponsored cyber-attack.”