What to do about those ‘government-backed attack’ warnings from Google


Just kidding; please don’t do that. Google regularly issues warnings to people whose accounts are or have been targeted by state-sponsored attackers, and every time it does, users get really nervous that their emails are going to wind up on WikiLeaks. Don’t freak out if you get one of these notices — it doesn’t necessarily mean that your account has been compromised, it just means you should think about taking a few extra steps to secure your account.

I got a “government-backed attack” warning. What does it mean?

You’re in good company — lots of journalists and academics have received warnings like these. According to Google, it means that a sophisticated attacker has tried to gain access to your account using phishing, malware or some other tactic.

Just because you get a warning doesn’t mean you’ve been hacked, though.

“We send these out of an abundance of caution — the notice does not necessarily mean that the account has been compromised or that there is a widespread attack. Rather, the notice reflects our assessment that a government-backed attacker has likely attempted to access the user’s account or computer through phishing or malware, for example,” Shane Huntley, a member of Google’s Threat Analysis Group, wrote.

Unfortunately, you’re unlikely to hear more information, such as when the attack happened or whether or not it was successful. Google doesn’t always send the warnings out right away and doesn’t give specifics about the attack or the responsible parties because it doesn’t want to tip hackers off about how they were detected. If Google says too much, the attackers will change their tactics — and then Google might not be able to warn you about the next attack.

“In order to secure some of the details of our detection, we often send a batch of warnings to groups of at-risk users at the same time, and not necessarily in real-time,” Huntley added.

So what do I do now?

Google recommends several steps to secure your account. The company offers a quick Security Checkup, which lets you review the devices and apps that have access to your account and double-checks your account recovery method.

Google makes some additional recommendations to high-risk users that will help prevent account compromise:

  • keep your software up-to-date (don’t let those updates languish forever because you don’t feel like pausing a show on Netflix long enough to let them install)
  • enable 2-step verification on your account (you can do this through regular old text message, but Google recommends its own Authenticator app or a Security Key as the best methods)
  • install Password Alert in Chrome (or another browser extension that alerts you when you enter your password on a suspicious login page)

Also, pay attention to the email address of the sender and make sure it’s someone you know and trust (rather than someone with a similar email address who’s trying to masquerade as your friend). Don’t click on links and PDFs if you don’t trust the sender. Encrypting email is kind of difficult, but consider doing it anyway, especially if you’re sending sensitive documents or information.
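The sender check described above can also be done by a mail filter. The following is an added example, not part of the original article or anything published by Google: it compares a sender address against a list of contacts you already trust and flags near-matches. The contact list, the look-alike character map and the distance threshold are constructed assumptions.

```python
import unicodedata

# Constructed address book: senders the user already knows and trusts.
KNOWN_CONTACTS = {"alice.nguyen@example.org", "editor@newsroom.example"}

# Illustrative (not exhaustive) map of characters used to imitate others:
# digits 0/1 and the Cyrillic letters that render like Latin a, e, o, p, c.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})

def skeleton(address):
    """Lower-case, NFKC-normalize and fold common look-alike characters."""
    folded = unicodedata.normalize("NFKC", address).lower().translate(CONFUSABLES)
    return folded.replace("rn", "m")  # "rn" reads as "m" in many fonts

def edit_distance(a, b):
    """Levenshtein distance using the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, known=KNOWN_CONTACTS, max_distance=2):
    """Return ('known' | 'lookalike' | 'unknown', matched contact or None)."""
    addr = address.strip().lower()
    if addr in known:
        return ("known", addr)
    for contact in sorted(known):
        same_shape = skeleton(addr) == skeleton(contact)
        if same_shape or edit_distance(addr, contact) <= max_distance:
            # Not the trusted address, but close enough to be mistaken for it.
            return ("lookalike", contact)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ["alice.nguyen@example.org", "alice.nguyen@examp1e.org",
                   "editor@newsroorn.example", "press@agency.example"]:
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result is the case the advice above warns about: the address is not one you trust, but it is close enough to one that a quick glance would not catch the difference.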

Even if you haven’t gotten a “government-backed attack” warning yet — and you probably won’t as Google only sends them to less than 0.1 percent of users — you can take all these steps to secure your account today. A little extra security never hurts.