Security Blog
The latest news and insights from Google on security and safety on the Internet
A reminder about government-backed phishing
August 20, 2018
Posted by Shane Huntley, Threat Analysis Group
TLDR: Government-backed phishing has been in the news lately. If you receive a warning in Gmail, be sure to take prompt action. Get two-factor authentication on your account. And consider enrolling in the
Advanced Protection Program
.
One of the main threats to all email users (whatever service you use) is phishing, attempts to trick you into providing a password that an attacker can use to sign into your account. Our improving technology has enabled us to
significantly decrease the volume of phishing emails that get through
to our users. Automated protections, account security (like security keys), and specialized warnings give Gmail users industry-leading security.
Beyond phishing for the purposes of fraud, a small minority of users in all corners of the world are still targeted by sophisticated government-backed attackers. These attempts come from dozens of countries.
Since 2012
, we've shown prominent warnings within Gmail notifying users that they may be targets of these types of phishing attempts; we show thousands of these warnings every month, even if we have blocked the specific attempt.
We also send
alerts to G Suite administrators
if someone in their corporate network may have been the target of government-backed phishing. And we regularly
post public advisories
to make sure that people are aware of this risk.
This is what an account warning looks like; an extremely small fraction of users will ever see one of these, but if you receive this warning from us, it's important to
take immediate action on it
.
We intentionally send these notices in batches to all users who may be at risk, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies. We have an expert team in our Threat Analysis Group, and we use a variety of technologies to detect these attempts. We also notify law enforcement about what we’re seeing; they have additional tools to investigate these attacks.
We hope you never receive this type of warning, but if you do, please take action right away to enhance the security of your accounts.
Even if you don’t receive such a warning, you should
enable 2-step verification in Gmail
. And if you think you’re at particular risk of government-backed phishing, consider enrolling in the
Advanced Protection Program
, which provides even stronger levels of security.
No comments :
Post a Comment
Labels
#sharethemicincyber
#supplychain #security #opensource
android
android security
android tr
app security
big data
biometrics
blackhat
C++
chrome
chrome enterprise
chrome security
connected devices
CTF
diversity
encryption
federated learning
fuzzing
Gboard
google play
google play protect
hacking
interoperability
iot security
kubernetes
linux kernel
memory safety
Open Source
pha family highlights
pixel
privacy
private compute core
Rowhammer
rust
Security
security rewards program
sigstore
spyware
supply chain
targeted spyware
tensor
Titan M2
VDP
vulnerabilities
workshop
Archive
2024
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2023
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2022
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2021
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2020
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2019
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2018
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2017
Dec
Nov
Oct
Sep
Jul
Jun
May
Apr
Mar
Feb
Jan
2016
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Aug
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Sep
Aug
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
2010
Nov
Oct
Sep
Aug
Jul
May
Apr
Mar
2009
Nov
Oct
Aug
Jul
Jun
Mar
2008
Dec
Nov
Oct
Aug
Jul
May
Feb
2007
Nov
Oct
Sep
Jul
Jun
May
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.
No comments :
Post a Comment