X

How to protect your Gmail account from state-sponsored hacking

Find out how to fend off state-sponsored hackers (and any hacker for that matter) with these five best practices.

Sharon Profis Vice President of Content, CNET Studios
As the Vice President of CNET Studios, Sharon leads the video, social, editorial design, and branded content teams. Before this role, Sharon led content development and launched new verticals for CNET, including Wellness, Money, and How To. A tech expert herself, she's reviewed and covered countless products, hosted hundreds of videos, and appeared on shows like Good Morning America, CBS Mornings, and the Today Show. An industry expert, Sharon is a recurring Best of Beauty Awards judge for Allure. Sharon is an avid chef and hosts the cooking segment 'Farm to Fork' on PBS nationwide. She's developed and published hundreds of recipes.
Credentials
  • Webby Award ("How To, Explainer, and DIY Video"); Folio Changemaker Award, 2020
See full bio
Sharon Profis
2 min read

The Google warning displayed to Gmail accounts that may have been targeted by state-sponsored phishing and malware attacks. Google

This week, Google began warning users of "state-sponsored attacks" -- if Google detects malicious attempts to access your account, a prominent warning will appear at the top of your Gmail inbox.

Scary, but the warnings do not necessarily mean that the government-related hacker accessed your account. Instead, your account may have simply been targeted, and Google wants you to take extra security measures.

When such attacks occur and user accounts become vulnerable, it's important that all users take precaution. So, even if you have not yet received the warning, follow this guide to ensure your account is not compromised.

Watch this: Make your Google account more secure

Enable two-step verification
In our guide to Gmail security, two-step verification is highlighted as one of the best ways to prevent third-parties from accessing your account.

With this feature enabled, Google will SMS your phone with a special code that you enter upon logging in. Meaning, the hacker would have to be in possession of your phone to access your account. (I'm guessing that's an unlikely event, though.) Enable two-step verification here.

Beef up your password security
Hackers use several dependable methods to steal account passwords, like brute-force attacks and data breaches. As an end-user, your best protection against such attacks is a supersecure password. From password creation to password management, this guide will ensure your data is safe, secure, and prepared to withstand any government-sponsored attacks.

Know how to spot a phishing e-mail
Users fall for it often: hackers will send out e-mails masquerading as a company, like a bank or social network, with a link to a Web site that prompts them to enter password and account data.

Sometimes, these e-mails are filled with spelling mistakes and funky fonts. Other times, however, they're well-written and easy to fall for.

Read up on phishing attacks and find out how to spot one before your give your account data away to a malicious party.

Keep your software up to date
As Google suggests, it's important to keep your operating system, browser, and all plug-ins up to date. Aside from feature additions, the updates patch up any security holes that make your software vulnerable to attacks.

So the next time your browser or computer is telling you to update, do it!

Double-check your Gmail URL
In 2011, Chinese hackers were able to access user accounts of government officials by creating a fake Gmail log-in page. When the users entered their username and password, that data was sent straight to the hackers.

Unsurprisingly, the attack worked. The fake log-in page looked so similar to the authentic one that users were unable to tell the difference.

However, if they had taken a look at their browser bars, they would have noticed it wasn't the legitimate log-in URL. Make a habit of verifying that the URL for the Gmail log-in screen you're using is https://accounts.google.com/.