When I opened my Google account this morning, this is the first thing I saw:
Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.
A Google link took me to the information below (for further exploration on the message, which judging by Twitter was sent to many both in and outside of China, see Charles Custer's blog here. UPDATE: This item at Foreign Policy is a good explainer, click here.):
Your account could be at risk of state-sponsored attacks
About the security threat
If you were directed to this page from a warning displayed above your Gmail inbox, we believe that state-sponsored attackers may be attempting to compromise your account or computer.
It's likely that you received emails containing malicious attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information. For example, attackers have often been known to send PDF files, Office documents, or RAR files with malicious contents. We strongly recommend that you avoid clicking links or attachments in suspicious messages.
It's important to note that Google's internal systems are not compromised and that this message does not refer to one specific campaign. We routinely receive abuse reports from users, as well as from our internal systems that monitor for suspicious login attempts and other activity. To help defend the integrity of these systems, we aren't sharing more details about these attacks. However, after carefully studying the abuse reports, we decided to show you the message in Gmail to help warn and protect you from potential attacks.
What you can do
Most importantly, avoid clicking links and attachments in unfamiliar messages as well as suspicious looking messages that seem to be from someone you know.
We also strongly advise you to take extra steps to protect your computer and accounts:
- Be careful about where you sign in to Google. Attackers often send links to fake sign-in pages to try to steal your password. Whenever you sign in to Google products, make sure that the webpage address shown at the top of your browser window starts with https://accounts.google.com/. Use a strong password for Google that you don't use on any other website, keeping in mind these tips for a safe password.
- Always use up-to-date software including your Internet browser, operating system, plugins, and document editors. Consider switching to the Chrome browser, which has an auto-updating security feature to reduce the risk associated with running out-of-date software.
- Enable 2-step verification in Gmail. This feature sends a second password to your phone, giving you an extra layer of security that has been successful in protecting some accounts from these attacks.
By following these steps, you can dramatically decrease the likelihood of your account or computer becoming compromised.
The warning above your Gmail inbox will remain for a while to help remind you to take the recommended steps above. The alert will disappear after that time, but we encourage you to take action as soon as you can.
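
The sign-in address check recommended above, as an added example (not part of the original post or of Google's page): it contrasts a loose string-prefix test with a comparison of the parsed URL. The function names, the `/signin` path and the `example.net` sample links are constructed for illustration.

```javascript
// Added example: decide whether a link really points at Google's sign-in origin.
const EXPECTED_ORIGIN = "https://accounts.google.com";

// Weak check: a prefix test that omits the trailing slash also accepts
// lookalike hosts, userinfo tricks and unexpected ports.
function naivePrefixCheck(raw) {
  return String(raw).startsWith(EXPECTED_ORIGIN);
}

// Stricter check: parse the URL and compare its components.
// Returns { ok, reason } so a mail filter or proxy can log why a link failed.
function checkSignInUrl(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch (e) {
    return { ok: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is not https" };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before the host, real host is " + url.host };
  }
  if (url.origin !== EXPECTED_ORIGIN) {
    return { ok: false, reason: "host or port differs: " + url.host };
  }
  return { ok: true, reason: "matches " + EXPECTED_ORIGIN };
}

// Constructed sample links (example.net is a reserved documentation domain).
const SAMPLES = [
  "https://accounts.google.com/signin",
  "https://accounts.google.com.example.net/signin",
  "https://accounts.google.com@example.net/signin",
  "http://accounts.google.com/signin",
  "https://accounts.google.com:8443/signin",
];

function report(samples) {
  return samples.map((s) => ({ url: s, naive: naivePrefixCheck(s), strict: checkSignInUrl(s) }));
}

for (const row of report(SAMPLES)) {
  console.log(row.strict.ok ? "OK    " : "REJECT", row.url, "-", row.strict.reason, "(naive: " + row.naive + ")");
}
```

A prefix test that keeps the trailing slash, as in the guidance above, rejects the second, third and fifth samples as well; the parsed comparison additionally reports which component was wrong.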