If you are a senior U.S. government official, it might be time to change your Gmail password. That’s because a massive phishing scheme this week allowed hijackers to find hundreds of personal Gmail account passwords, including those of some very senior U.S. officials. Google explained on Wednesday that the attack was not due to a breakdown in Gmail’s security systems, but to stolen passwords that were retrieved when victims responded to hackers’ e-mails.
Phishing Attack
Google believes that the attack came from Jinan, China. As Chris Ortman for Homeland Security said,
“The Department of Homeland Security is aware of Google’s message to its customers. We are working with Google and our federal partners to review the matter, offer analysis of any malicious activity, and develop solutions to mitigate further risk.”
Google has reassured its users that it has notified the victims of the attack and that it has disrupted the campaign. The goal of the hackers was to monitor the victims’ e-mails and to alter some of the users’ forwarding settings. Google put out a warning today urging users to “please spend ten minutes today taking steps to improve your online security so that you can experience all that the Internet offers — while also protecting your data.”
Getting in Line with Security
On its official blog, Google has listed a number of safeguards that people should take to protect their identity and their email. The company explains that, “Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”
Google recommends that users turn on 2-step verification when signing into Gmail, that they use a strong password for their account that they don’t use elsewhere, that they look over the security features offered by Chrome (and switch to Chrome if they don’t use it already) and more.