Hackers around the world are gaining more attention than usual in the last few months and now Google has added another announcement to the pile that hundreds of Gmail accounts have been hacked recently. Google affirms that the problem doesn’t rest with Gmail security but rather this scheme was a result of phishing and malware……….
Google disclosed Wednesday that hundreds of Gmail accounts, including those of senior U.S. officials and Chinese political activists, were targeted in a concerted hacking campaign originating from Jinan, China. Unlike a series of cyberattacks from China last year, Google said the goal this time was not its own central systems, but the individual accounts of users of its email service. The attacks, which Google said also targeted government officials in South Korea and other Asian nations, military personnel and journalists, were likely the result of “phishing” attempts, in which the attacker dupes users into sharing passwords. There were no indications Wednesday that the latest round of attacks would prompt any change in Google’s operations in China. Nor was there evidence of Chinese government involvement, although some analysts speculated Chinese officials could be indirectly involved. “We have more than 500 employees and hundreds of partners in China and we plan to continue to work there,” Google said in a written statement provided to this newspaper.
Google said the latest attacks, which gained access to an undisclosed number of accounts before they were detected, intended to spy on the private email conversations of U.S. and foreign government officials, political dissidents,journalists and others. The phishing campaign is being investigated by the FBI and other federal agencies. “We are working with Google and other U.S. government agencies to review this matter further to identify the origin of this campaign and to see what information may have been compromised,” the FBI said in a written statement released Wednesday. Neither Google nor an FBI spokeswoman would comment on which senior U.S. officials were targeted. Some of the same targets of last year’s Gmail attacks may have been targeted again. Tenzin Seldon, a Stanford student and Tibetan activist, said she noticed that someone improperly commandeered her email account in March and managed to send messages under her name to other Tibetan leaders. This particular attack used a method called “spear phishing,” in which the attacker uses small bits of real information to trick someone into sharing access to their email account. In this case, government officials received a message in their personal Gmail account that appeared to come from the address of a close associate or collaborating government agency, according to an analysis cited by Google as one way it discovered the latest Chinese attacks. Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. Here are some ways to improve your security when using Google products:
- Enable 2-step verification. This Gmail feature uses a phone and second password on sign-in, and it protected some accounts from this attack. So check out this video on setting up 2-step verification.
- Use a strong password for Google that you do not use on any other site. Here’s a videoto help.
- Enter your password only into a proper sign-in prompt on a https://www.google.comdomain. We will never ask you to email your password or enter it into a form that appears within an email message. Here’s a video with more advice.
- Check your Gmail settings for suspicious forwarding addresses (“Forwarding and POP/IMAP” tab, Fig. 1) or delegated accounts (“Accounts” tab, Fig. 2).
- Watch for the red warnings about suspicious account activity that may appear on top of your Gmail inbox.
- Review the security features offered by the Chrome browser. If you don’t already use Chrome, consider switching your browser to Chrome.
- Explore other security recommendations and a video with tips on how to stay safe across the web.