Gmail’s State Sponsored Attack Warning

This week, after logging into my Gmail, I was greeted by the message below.

“Warning: We believe state-sponsored attackers may be attempting to compromise your account.”

In June, Google announced plans for this sort of attack.  At that time, I expected these alerts to be seen by Tibetans targeted by China.   It’s not the sort of thing you expect to see.

I can run through mental checkdown on whether this is something to worry about.   What would the normal, barely computer literate person, think about this?

Google provides a link to “protect yourself now”.   

It doesn’t say why you saw this message, just that they believe it and Google hasn’t been hacked.

It advises me to:

1.  Dont click on stuff.   Dont click on links.   Don’t click on attachments.

2.  Be careful where you sign in.   Make sure the URL is really google.   Make sure the connection is valid SSL.

3.  Use a unique password not used on any other website.

4.   Keep up to date on patches.

5.  Enable two factor authentication in Gmail (which I already do).

 

To verify that your account isn’t compromised

1.  Review currently logged on users by clicking on “Details” at the bottom of the logon screen.   Of course the average user may not readily identify which IP addresses likely belong to them and which don’t.

2.   In Account Settings, click on Accounts and Imports.under Grant Access to your Account make sure there are no addresses there.

3.  Click on the Forwarding tab.  Make sure your mailbox isn’t forwarding your mail somewhere else.
if you know that your aren’t using POP3 or IMAP turn them off.   You might use them to check mail from another client like your phone or Thunderbird.

4.   Click on Filters.   Check if any rule says “Do This : Forward mail to”.   If your mail is forwarded to an unknown address you have a problem.

I don’t see any phishing type messages in my mailbox that would have triggered this warning.  I have logged in from many different IP addresses in the course of a day which could be the cause.   But those addresses are all in the US.

2 Comments

  1. Roger,

    I’m catching up on your security notes… In this post about Google account settings, you wrote the following in step 3 under “Verify your account isn’t compromised”
    if you know that your aren’t using POP3 or IMAP turn them on.

    Did you mean turn them “off” ? If I’m not using them (and don’t plan to use thunderbird/POP access), shouldn’t I go ahead and close this door?

    Great work on this blog, by the way… I really enjoy reading it!
    🙂 Abby

    • doh!
      thanks for catching that. Fixed now.

      If you use your phone to access gmail, it is probably configured for IMAP. In that case you’d want to make sure you are using IMAP over SSL and SMTP over SSL. Some phones may set that up using that automatically, but it doesn’t hurt to check.
      If you did use Google’s two factor authentication, you have to set up a special “application” password for your phone so it doesn’t have the two factor requirement.

Comments are closed.