Google reveals that a phishing campaign directed at Gmail users originates out of China and offers protection advice

Jun 1, 2011 6:25pm


By Michael Kaiser, NCSA Executive Director

Today in a post on the Official Google (NCSA Board member Company) Blog titled Ensuring Your Information is Safe Online Eric Grosse, Engineering Director, Google Security Team announced that Google had:

“Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”

He added that users and an external report  also helped identify the phishing scam. The blog post goes on to state that:

“It’s important to stress that our internal systems have not been affected—these account hijackings were not the result of a security problem with Gmail itself. But we believe that being open about these security issues helps users better protect their information online."

The blog also contains useful information about how to activate 2-step verification  for Gmail which protects you by sending a verification number to your phone to complete your log on. This kind of multifactor authentication, as it’s called in cybersecurity circles, is a feature that Google has baked in for your safety and you should be using. The blog also discuss checking forwarding settings on your Gmail account to be sure they haven’t been modified and other general advice about passwords, such as create a strong pasOf course it’s not surprising that the bad guys would go after Gmail accounts. Any pathway to personal information is a target for cybercriminals in their malicious attempts to exploit personal information for monetary or other gain. sword that you only use for your Gmail account.

That the bad guys would use phishing and social engineering methods to try and pry critical information from users is also no surprise. Even as we have seen the public become more aware and defended against these approaches, we know, as do the bad guys, that some people still click on things they shouldn’t in email and social network posts.

In the STOP. THINK. CONNECT. campaign we have a simple bit of advice on avoiding phishing:

  • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.

Individual computer users are a key element in keeping the Internet safe and secure. What you do to stay safe online also helps keep the Internet safer for everyone else. In this case, it might be keeping the bad guys from getting to your contacts and sending email to friends and family trying to get them to reveal personal information because they thought the email was really from you.

Take the time to know the services you use and how to activate safety and security functions. Also, STOP. THINK. CONNECT when you see an email or post that implores you to act immediately.

SSO (Stay Safe Online),

Michael