When even the mighty Google can’t ward off cyber attacks, you know the recent hacking frenzy has reached its peak. Google announced on its official blog that hackers originating from Jinan, China amassed “hundreds” of passwords for personal Gmail accounts to change their forwarding and delegation settings. The attack targets senior U.S. government officials, Chinese political activists, officials in several Asian countries, military personnel and journalists, among others.
Google caught the campaign through its cloud-based security and abuse detection systems and has taken steps to secure accounts and notify victims of this online theft. They urge all users to employ extra security measures such as two-step authentication and strong passwords. While this attack focused solely on personal accounts, corporate Gmail accounts should be on the watch as well.
Security blog Contagio covered the story and provided a screenshot (above) contrasting the fake Gmail page that the scammers used to harvest passwords with the real sign-in.