ChatGPT and Bing Galaxy S23 Reservation Deal Amazon Fresh Price Hike 'Super Mario Bros. Movie' Trailer 'The Last of Us' Recap I Cured My Screen Addiction Siri's Hidden Talents Best Smart Thermostats
Want CNET to notify you of price drops and the latest stories?
No, thank you

How to protect your Gmail account from state-sponsored hacking

Find out how to fend off state-sponsored hackers (and any hacker for that matter) with these five best practices.

The Google warning displayed to Gmail accounts that may have been targeted by state-sponsored phishing and malware attacks. Google

This week, Google began warning users of "state-sponsored attacks" -- if Google detects malicious attempts to access your account, a prominent warning will appear at the top of your Gmail inbox.

Scary, but the warnings do not necessarily mean that the government-related hacker accessed your account. Instead, your account may have simply been targeted, and Google wants you to take extra security measures.

When such attacks occur and user accounts become vulnerable, it's important that all users take precaution. So, even if you have not yet received the warning, follow this guide to ensure your account is not compromised.

Now playing: Watch this: Make your Google account more secure

Enable two-step verification
In our guide to Gmail security, two-step verification is highlighted as one of the best ways to prevent third-parties from accessing your account.

With this feature enabled, Google will SMS your phone with a special code that you enter upon logging in. Meaning, the hacker would have to be in possession of your phone to access your account. (I'm guessing that's an unlikely event, though.) Enable two-step verification here.

Beef up your password security
Hackers use several dependable methods to steal account passwords, like brute-force attacks and data breaches. As an end-user, your best protection against such attacks is a supersecure password. From password creation to password management, this guide will ensure your data is safe, secure, and prepared to withstand any government-sponsored attacks.

Know how to spot a phishing e-mail
Users fall for it often: hackers will send out e-mails masquerading as a company, like a bank or social network, with a link to a Web site that prompts them to enter password and account data.

Sometimes, these e-mails are filled with spelling mistakes and funky fonts. Other times, however, they're well-written and easy to fall for.

Read up on phishing attacks and find out how to spot one before your give your account data away to a malicious party.

Keep your software up to date
As Google suggests, it's important to keep your operating system, browser, and all plug-ins up to date. Aside from feature additions, the updates patch up any security holes that make your software vulnerable to attacks.

So the next time your browser or computer is telling you to update, do it!

Double-check your Gmail URL
In 2011, Chinese hackers were able to access user accounts of government officials by creating a fake Gmail log-in page. When the users entered their username and password, that data was sent straight to the hackers.

Unsurprisingly, the attack worked. The fake log-in page looked so similar to the authentic one that users were unable to tell the difference.

However, if they had taken a look at their browser bars, they would have noticed it wasn't the legitimate log-in URL. Make a habit of verifying that the URL for the Gmail log-in screen you're using is