Google has revealed that “the personal Gmail accounts of hundreds of users” may have been compromised and that the attacks appear to have come out of China. According to a company blog post:
“[W]e recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.
The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)”
Google says that it’s notified affected users and “disrupted this campaign.”
From the sounds of it, these attacks seem somewhat targeted at specific individuals rather than a more conventional shotgun-approach phishing scam aimed at bilking people out of money.
As Google contends, “Most account hijackings are not very targeted; they are designed to steal identities, acquire financial data or send spam. But some attacks are targeted at specific individuals.”
Gmail users can check which forwarding addresses, if any, they have set up inside their account by going into the “Settings” menu and then clicking on the “Forwarding and POP/IMAP” link. Though it probably doesn’t need to be said, there shouldn’t be any e-mail addresses you don’t recognize in the “Forwarding” section of the page.
Google also recommends using two-step verification, selecting a strong password, and watching your account for suspicious activity warnings.
Follow-up: China to Google on Gmail Hack: Don’t Blame Us, We’re Victims Too