It’s unnerving to be warned that state-sponsored hackers are targeting you. But don’t freak out, Google says.
Over four years ago, Google began notifying users when it suspected state-sponsored hackers may have been trying to compromise a user account. The potential targets will see a notification at the top of their Gmail home page stating that, “Government-backed attackers may be trying to steal your password.”
Google wants to reassure users that seeing this warning doesn’t necessarily mean the account has been hacked, or even that a bunch of warnings to different people means a mass attack is under way. So don’t panic, but it may be prudent to enable Google’s two-factor authentication.
Google doesn’t say why it’s reminding users of this particular point now, but it does follow recent reports, amid claims of Russian hacking during the US election, of public figures, including diplomats and journalists, receiving Google’s hacker alerts at the same time.
Some recipients at the time tweeted that they’d received the warning, noting also that peers with the same political views also received the warning.
But Google already factors in to its government-backed hacker warnings that users are likely to publicize that they’ve received the message, which in turn may reveal to hackers how its procedures operate. To cover its tracks, it does things like delaying warnings and sending them in batches.
“To secure some of the details of our detection, we often send a batch of warnings to groups of at-risk users at the same time, and not necessarily in real time,” wrote Shane Huntley of Google’s threat analysis group.
Google’s support page for government-backed hacker warnings notes the message means Google thinks an account compromise has been attempted within the past month.
“Additionally, we never indicate which government-backed attackers we think are responsible for the attempts; different users may be targeted by different attackers,” wrote Huntley.
Users would receive the message if Google’s risk analysis systems indicate that a government-backed hacker has attempted to use malware or phishing to access a user’s account.
Google’s brief explanation of how its warnings operate is not accompanied by any change in approach or policy. However, it does remind users that the best available protection from phishing is to enable its two-factor authentication with a Security Key, a physical key that plugs into a USB port.
Huntley notes that only an “extremely small fraction” of users will see this warning.