Government Officials and Political Activists Targeted in Gmail Spear Phishing Attack

Google warns users about a Gmail spear phishing attack that targets government officials, military personnel, activists and journalists.

Even though Google just announced the attack and said it discovered it recently, its findings are based on a February report from independent malware researcher Mila Parkour.

The rogue emails came with spoofed headers and purported to originate from colleagues, family members or close associates of the target.

The subjects are chosen depending on their field of work and interests and the content mimics Gmail's attachment View and Download links. The rogue links take users to a fake Gmail login page.

"Some messages are empty while others may have references to family members and friends (e.g. mention names of spouses or refer to recent meetings) and plausible enough to generate responses or conversations from victims," Ms. Parkour warned in her report.

According to Google, the attacks originated from Jinan, China, and targeted hundreds of users, including senior U.S. government officials, Chinese political activists, South Korean officials, military personnel and journalists.

"Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities," the company said in a post on its official blog.

Google recommends that all users enable the 2-step authentication feature in their accounts, which adds an extra layer of protection.

With this option enabled, every time they log in from a device that Google doesn't recognize, users will be prompted to input an unique code sent to their mobile phone or generated by a special mobile app.

The company also advises users to check the forwarding addresses defined in their Gmail account's settings for any unauthorized ones. This method is used by hackers to receive all emails after compromising an account.

It also recommends that users switch to using Chrome as their browsers, although, it's not clear how this will help in the case of an attack like this.