29 Mar 2016

New alerts for Gmail users targeted by state-sponsored attackers

Since 2012, Google has been warning Gmail users when they have been targeted by state-sponsored attackers, but now the alert will be even more visible (and therefore less likely to be overlooked or ignored):
Gmail state-sponsored attack warning

The new full-page warning says that Google can’t say how they know that the user’s account is being targeted by government-backed hackers, and urges the user to enable two-factor authentication and set up a Security Key on his or her account.
“These warnings are rare—fewer than 0.1% of users ever receive them—but they are critically important. The users that receive these warnings are often activists, journalists, and policy-makers taking bold stands around the world,” Nicolas Lidzborski, Gmail Security Engineering Lead and Jonathan Pevarnek, Jigsaw Engineer, explained.
Given that Gmail has surpassed the “1 billion monthly active users” mark in February 2016, the number of users targeted by state-sponsored attackers could therefore be as high as 1 million.
Google is also adding to its Safe Browsing protection for Gmail users inadvertently visiting dangerous sites. From now on, they will no longer only see the warning that a link in an email they received is potentially malicious, but will also be warned again it they click on the link.
The new alert will offer links to more information on how to protect oneself from harmful software online, and links to resources for website owners and administrators that believe their sites have been compromised to serve malware.
Google is not the only Internet company that alerts its users about their accounts being targeted by state-sponsored attacksers. Facebook began doing so last October, and Twitter sent out warnings in December.
helpnetsecurity