It’s no secret that state-sponsored hackers want to break into email accounts to steal people’s sensitive files. But on Tuesday, Google shared some intel on the scale of the hacking activities.
From July to September, the company sent out more than 12,000 warnings to users across the globe that government-backed attackers were trying to break into their Google accounts through phishing scams.
The 12,000-plus figure is consistent with the number of warnings the company sent out during the same period in 2018 and 2017. To illustrate the threat, the company also broke down the phishing attempts by geography.
Perhaps to no one’s surprise, the US was among the countries whose users were most heavily targeted. The state-sponsored cyberspies were also focused on users based in Pakistan, South Korea, and Vietnam.
More than 90 percent of the affected users were hit with phishing emails that tried to trick the victim into handing over access to their Google account, company security director Shane Huntley wrote in a Tuesday blog post. He offers an example of one such phishing attack that involved the attacker trying to pose as “Goolge.” The lookalike email suggested the user secure their account by doing a password reset.
What makes the attack particularly disturbing is how it can bypass Google’s two-factor authentication, a safeguard that requires anyone logging on to also supply a one-time passcode generated from their smartphone. “The user clicks the link, enters their password, and may also get asked for a security code if they have two-factor authentication enabled, allowing the attacker to access their account,” Huntley wrote.
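The flow Huntley describes can be seen in a short simulation. The following is an added example, not code from the article or from Google: a relay phishing page forwards whatever the victim types to the real site, once for a password plus one-time code and once against an origin-bound security-key assertion of the kind the Advanced Protection Program relies on. The origins, user names and secrets are constructed, and the security key is simplified to a shared-secret HMAC rather than a real per-site asymmetric credential; the property that matters (the browser, not the page, writes the origin into the signed data) is preserved.

```python
"""Added example: why a relayed one-time code is phishable but an
origin-bound security-key assertion is not. Every origin, user and
secret below is constructed for illustration."""
import hashlib
import hmac
import json
import secrets
import struct

REAL_ORIGIN = "https://accounts.example-mail.test"     # constructed
PHISH_ORIGIN = "https://accounts.exarnple-mail.test"   # constructed lookalike
TOTP_STEP = 30  # seconds per code (RFC 6238 default)


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, as an authenticator app computes it."""
    counter = struct.pack(">Q", now // TOTP_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class SecurityKey:
    """Toy authenticator. Real keys use a per-site key pair; this one uses an
    HMAC secret shared at registration (a simplification), but as with a real
    key, only the authenticator can produce a signature over the client data."""
    def __init__(self):
        self.secret = secrets.token_bytes(32)

    def sign(self, client_data: bytes) -> bytes:
        return hmac.new(self.secret, client_data, hashlib.sha256).digest()


def browser_assert(key: SecurityKey, page_origin: str, challenge: str):
    """What the browser does for a WebAuthn-style request: it, not the page,
    records the origin the user is actually visiting, then asks the key to sign."""
    client_data = json.dumps({"challenge": challenge, "origin": page_origin},
                             sort_keys=True).encode()
    return client_data, key.sign(client_data)


class RelyingParty:
    """The genuine site."""
    def __init__(self, origin: str):
        self.origin = origin
        self.users = {}
        self.pending = {}  # outstanding challenge -> username

    def register(self, user, password, totp_secret, key_secret):
        self.users[user] = {"pw": password, "totp": totp_secret, "key": key_secret}

    def login_with_otp(self, user, password, otp, now) -> bool:
        rec = self.users.get(user)
        return bool(rec) and rec["pw"] == password and hmac.compare_digest(
            totp(rec["totp"], now), otp)

    def issue_challenge(self, user) -> str:
        ch = secrets.token_hex(16)
        self.pending[ch] = user
        return ch

    def login_with_key(self, user, client_data: bytes, signature: bytes) -> bool:
        rec = self.users.get(user)
        data = json.loads(client_data)
        if not rec or self.pending.pop(data.get("challenge"), None) != user:
            return False
        if data.get("origin") != self.origin:  # the origin-binding check
            return False
        expected = hmac.new(rec["key"], client_data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def simulate_relay(now: int = 1_700_000_000):
    """Victim is on the lookalike page; the attacker forwards whatever the
    victim submits to the real site. Returns (otp_accepted, key_accepted)."""
    rp = RelyingParty(REAL_ORIGIN)
    key = SecurityKey()
    totp_secret = secrets.token_bytes(20)
    rp.register("victim", "hunter2", totp_secret, key.secret)

    # 1. Password + one-time code typed into the lookalike page and replayed
    #    a few seconds later, still inside the 30-second window: accepted.
    stolen_pw, stolen_otp = "hunter2", totp(totp_secret, now)
    otp_ok = rp.login_with_otp("victim", stolen_pw, stolen_otp, now + 5)

    # 2. Security key: a genuine challenge relayed to the lookalike page.
    #    The victim's browser signs it with PHISH_ORIGIN inside, so the
    #    relayed assertion fails the origin check at the real site.
    challenge = rp.issue_challenge("victim")
    client_data, sig = browser_assert(key, PHISH_ORIGIN, challenge)
    key_ok = rp.login_with_key("victim", client_data, sig)
    return otp_ok, key_ok


def legitimate_key_login() -> bool:
    """Same key, same site, but the user is really on REAL_ORIGIN."""
    rp = RelyingParty(REAL_ORIGIN)
    key = SecurityKey()
    rp.register("alice", "pw", secrets.token_bytes(20), key.secret)
    challenge = rp.issue_challenge("alice")
    client_data, sig = browser_assert(key, REAL_ORIGIN, challenge)
    return rp.login_with_key("alice", client_data, sig)


if __name__ == "__main__":
    otp_ok, key_ok = simulate_relay()
    print("relayed password + one-time code accepted:", otp_ok)
    print("relayed security-key assertion accepted:", key_ok)
    print("genuine security-key login accepted:", legitimate_key_login())
```

The point of the two branches is that a one-time code carries no information about where it was typed, so a code relayed within its validity window is indistinguishable from one entered on the real site, whereas a security-key assertion signs the origin the browser observed, so even a correctly relayed challenge is rejected and the attacker cannot forge a signature for the genuine origin without the key itself.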
In total, Google has said in the past it encounters about 100 million phishing messages per day. So the attacks from the state-sponsored hackers only represent a small slice. Most consumers will also likely never become a target of a government cyberspy.
Nevertheless, the danger of government-backed hackers breaking into someone’s Gmail account was underscored during the 2016 presidential election when a Hillary Clinton aide had his account compromised. The suspected Russian cyberspies then looted his emails and leaked them online.
In response, Google in 2017 began offering the Advanced Protection Program, which is designed to protect at-risk users, such as politicians, activists, and journalists, from the sneakiest phishing attacks. In Tuesday’s blog post, Huntley revealed that more than 15,000 users are now protected by the program.
“Going forward, we’ll share more technical details and data about the threats we detect and how we counter them to advance the broader digital security discussion,” he said. Google’s threat analysis group “tracks more than 270 targeted or government-backed groups from more than 50 countries,” Huntley noted.
Anyone can sign up for Google’s Advanced Protection Program. But it does require you to buy two security keys, which you can purchase from the company for $50. Google has also created a quiz to educate people on spotting phishing emails.