This week, after logging into my Gmail, I was greeted by the message below.
“Warning: We believe state-sponsored attackers may be attempting to compromise your account.”
In June, Google announced plans for this sort of attack. At that time, I expected these alerts to be seen by Tibetans targeted by China. It’s not the sort of thing you expect to see.
I can run through mental checkdown on whether this is something to worry about. What would the normal, barely computer literate person, think about this?
Google provides a link to “protect yourself now”.
It doesn’t say why you saw this message, just that they believe it and Google hasn’t been hacked.
It advises me to:
1. Dont click on stuff. Dont click on links. Don’t click on attachments.
2. Be careful where you sign in. Make sure the URL is really google. Make sure the connection is valid SSL.
3. Use a unique password not used on any other website.
4. Keep up to date on patches.
5. Enable two factor authentication in Gmail (which I already do).
To verify that your account isn’t compromised
1. Review currently logged on users by clicking on “Details” at the bottom of the logon screen. Of course the average user may not readily identify which IP addresses likely belong to them and which don’t.
2. In Account Settings, click on Accounts and Imports.under Grant Access to your Account make sure there are no addresses there.
3. Click on the Forwarding tab. Make sure your mailbox isn’t forwarding your mail somewhere else.
if you know that your aren’t using POP3 or IMAP turn them off. You might use them to check mail from another client like your phone or Thunderbird.
4. Click on Filters. Check if any rule says “Do This : Forward mail to”. If your mail is forwarded to an unknown address you have a problem.
I don’t see any phishing type messages in my mailbox that would have triggered this warning. I have logged in from many different IP addresses in the course of a day which could be the cause. But those addresses are all in the US.