A recent campaign to gain access to the Gmail accounts of government officials, Chinese political activists and military personnel (among others), has prompted Google to publicise online security measures.
A blog post from Google explained the attack:
"The goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change peoples' forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)
"Google detected and has disrupted this campaign to take users' passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."Here are Google's suggestions for ensuring the security of your Gmail account:
- Enable 2-step verification. This Gmail feature uses a phone and second password on sign-in (it protected some accounts from the phishing attack).
- Use a strong password for Google that you do not use on any other site.
- Enter your password only into a proper sign-in prompt on a https://www.google.com domain. Google will never ask you to email your password or enter it into a form that appears within an email message. How to know if an email is real.
- Watch for the red warnings about suspicious account activity that may appear on top of your Gmail inbox.