Google reports on China-based phishing attack on hundreds of Gmail accounts

Google has admitted that hundreds of users of its Gmail service have been the subject of a attack to collect users passwords. Google revealed the attack in a posting on its blog site. It stated that the attack seems  to have come from China and affected users such as "senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists."

Google stated that it has detected and "disrupted" this attack, saying, "We have notified victims and secured their accounts. In addition, we have notified relevant government authorities." Google stated that the apparent object of this attack was to read the emails of the people who were affected by the attack "with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings." Google stressed that this attack did not actually affect any of its internal network systems, saying. " ... we believe that being open about these security issues helps users better protect their information online."

Google's blog post also went over how all users of its products can improve their security including using strong passwords, checking your Gmail accounts to see if there is any suspicious forwarding addresses and more. It also put in a plug for using its Chrome web browser, hinting strongly that the brower was better, security wise, than other web browsers.

Of course this is just the latest example of a mass cyber attack in the past couple of months. We have seen attacks on Sony's Playstation Network which still hasn't fully recovered as of this writing along with attacks on Lockheed Martin and other businesses.

Report a problem with article
Previous Story

Eric Schmidt snubs Microsoft as not being innovative

Next Story

Wednesday's PC game sales include free game offer

19 Comments

Commenting is disabled on this article.

warwagon said,
Another reason to enable Two-Factor Authentication on your Gmail.
Is it because idiots click on stupid links, put their passwords on random pages, and click Submit? Ha!

I wish Google would let you disable logging in from foreign countries if needed. I've heard of other email services that let you control where you login in. You could have is disabled unless on vacation, the allow it only for that time.

farmeunit said,
I wish Google would let you disable logging in from foreign countries if needed. I've heard of other email services that let you control where you login in. You could have is disabled unless on vacation, the allow it only for that time.

But at least it lets you see from which IPs (and countries) your account has been accessed from in the last few days.

An admission implies there is fault. There's nothing for Google to admit to. It should say Google confirms a China-based phishing scam.

Xerax said,
Dear China,
stop.

lmao - good luck on that one. A lot of it (if not most of it) is govt sponsored and China really doesn't care. What is anyone going to do?

Hackersoft MS MVP said,

What is anyone going to do?

Maybe we should think along the lines of the "Great Firewall of China" in reverse.

Xerax said,
Dear China,
stop.

That reminds me of those craig lists ads that have on the bottom of them "NO SPAM!" ... as in don't spam me. LOL, as if the spammers really care.

Xerax said,
Dear China,
stop.

Dear friend sorry to disturb, please farm more goldz and stop emailing or we shall unleashed the bath tyrant.

I'm one of the guys that actually allows the phishing email then goes to the 'form' and enters really nasty stuff. I don't know if anyone ever reads it but just in case they do, I got us all covered

Soulsiphon said,
I'm one of the guys that actually allows the phishing email then goes to the 'form' and enters really nasty stuff. I don't know if anyone ever reads it but just in case they do, I got us all covered

Don't do that, just mark it as spam

Soulsiphon said,
I'm one of the guys that actually allows the phishing email then goes to the 'form' and enters really nasty stuff. I don't know if anyone ever reads it but just in case they do, I got us all covered

It's all automated fyi, no-1 person is actually manually going through anything you write, so you're talking to Johnny5, hf wit that.

Soulsiphon said,
I'm one of the guys that actually allows the phishing email then goes to the 'form' and enters really nasty stuff. I don't know if anyone ever reads it but just in case they do, I got us all covered

I remember hearing about some phishing sites that if you entered invalid data on it'd use browser exploits on you to try and run malware to 'get you back', pretty sure it was on neowin years ago?