Did you get a message recently across the top of your Gmail account that says “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now”? Worried that someone may have hacked your Google or Gmail account? Read on…
First of all, it’s legitimate. Google first rolled these messages out back in 2012. And now, in 2015 / 2016 they are using it again. So, if you are seeing this message above your Gmail inbox, as a banner, like the image above, it’s legitimate.
That said, if you see this message in an email do NOT click on it or any links within, as such a message would probably be a malicious actor trying to get you to install malware, or give up your credentials or other personal information.
So what, exactly, does it mean?
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Well, first, here’s what it doesn’t mean: it doesn’t mean that your account has been compromised, and it doesn’t mean that ISIS or North Korea, or China or some other ‘state actor’ is trying to hack your account.
(And before anybody points it out to us, we know that ISIS is not technically a state actor, but that won’t stop end users seeing Gmail’s “We believe state-sponsored attackers may be attempting to compromise your account” message from thinking that. We also are aware that there are people who think that this warning could also be triggered by actions by the NSA, who are state actors – however it seems that they are less likely to be using malware, as they can just serve a demand on Google for your info (unless you believe this is Google’s crafty way of trying to let you know they’ve received such a demand).).
Anyways, here’s what it means: it means, and only means, that the Gmail system has noticed that someone – possibly a “state actor” – may have sent you – or tried to send you – some sort of malware or phishing, or some similar malicious activity. Or maybe they haven’t done that at all, but the Gmail system has noticed that in general there is an increase in that activity.
And, just like always, what you should do about it is not click on links (but instead type the link address into your browser), and not open attachments that you aren’t expecting, and especially if you aren’t 100% certain that the sender is actually who they say they are, and someone you know (lots of these emails seem to be from someone you know, until you look more closely, because that’s one of the ways that scammers get you to open their email – here’s one way that bad guys make it seem like the spam is coming from your friend, or even yourself).
Now, just why Google has suddenly started putting this warning out again is anybody’s guess. Back in 2012, Google’s VP of Security & Privacy Engineering, Eric Grosse, told CNN that “We can’t go into the details without giving away information that would be helpful to these bad actors. But our detailed analysis – as well as victim reports – strongly suggest the involvement of states or groups that are state-sponsored.”
We think it’s great that Google is on top of this, but we also feel that the combination of the wording (“state-sponsored attackers“) with the timing (Paris attacks, San Bernardino attacks, general situation in the Middle East) is really unfortunate, and likely to unnecessarily lead to an overly-heightened level of concern in the average user who sees the warning – especially considering that the explanation describes what is essentially business as usual for any major email service provider: “receiving emails containing malicious attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information.”
Here’s Google’s explanation of what the warning means, taken from the link in the warning, which was last updated in 2013 (there’s another explanation, dated June 2012 here):
Your account could be at risk of state-sponsored attacks
About the security threat
If you were directed to this page from a warning displayed above your Gmail inbox, we believe that state-sponsored attackers may be attempting to compromise your account or computer.
It’s likely that you received emails containing malicious attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information. For example, attackers have often been known to send PDF files, Office documents, or RAR files with malicious contents. We strongly recommend that you avoid clicking links or attachments in suspicious messages.
It’s important to note that Google’s internal systems are not compromised and that this message does not refer to one specific campaign. We routinely receive abuse reports from users, as well as from our internal systems that monitor for suspicious login attempts and other activity. To help defend the integrity of these systems, we aren’t sharing more details about these attacks. However, after carefully studying the abuse reports, we decided to show you the message in Gmail to help warn and protect you from potential attacks.
What you can do
Most importantly, avoid clicking links and attachments in unfamiliar messages as well as suspicious looking messages that seem to be from someone you know.
We also strongly advise you to take extra steps to protect your computer and accounts:
Be careful about where you sign in to Google. Attackers often send links to fake sign-in pages to try to steal your password. Whenever you sign in to Google products, make sure that the webpage address shown at the top of your browser window starts with https://accounts.google.com/. Use a strong password for Google that you don’t use on any other website, keeping in mind these tips for a safe password.
Always use up-to-date software including your Internet browser, operating system, plugins, and document editors. Consider switching to the Chrome browser new window, which has an auto-updating security feature to reduce the risk associated with running out-of-date software.
Enable 2-step verification new window in Gmail. This feature sends a second password to your phone, giving you an extra layer of security that has been successful in protecting some accounts from these attacks.
By following these steps, you can dramatically decrease the likelihood of your account or computer becoming compromised.
The warning above your Gmail inbox will remain for a while to help remind you to take the recommended steps above. The alert will disappear after that time, but we encourage you to take action as soon as you can.
Note that the measures that they urge you to take are the measures that everybody always urges you to take (including us, which is why we’ve been telling you to set up 2 factor authentication with Gmail, and in fact to set up 2-factor authentication everywhere you can, for years).
That said, we’ve got it on good authority that at least some folks in the know at Google now suggest getting an actual Google USB security key instead of relying on 2-factor authentication (“2FA”), as these days some attackers are getting good at phishing for, and social engineering for, the 2FA information. Unfortunately, the security keys only work with computers (not mobile devices), and then only computers running Chrome. That said, having a second verification (the 2 in 2FA) come to your mobile phone as a text message is still way better than not using 2FA at all.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Great information! Thanks for sharing.
Good explanation. Thank you. But why state-sponsored attack only? what about those attacks launched by individual or a group of criminals?
Thanks.
Ken
Very helpful. And good to know. But how do I get rid of it?
Chinuser – eventually the warning will go away on its own; there is no apparent way to dismiss it though.