In a statement made on its blog, Google said that it successfully managed to block a spear-phishing attack aimed at the Gmail accounts of many “senior US government officials, Chinese political activists, officials in several Asian countries (mainly South Korea), military personnel and journalists” in February.
The blog also contained many directions and advices given by Google’s security team for Gmail users to defend themselves from such attempts.
The attempt apparently came from Jinan China, a well known region for online spear phishing attacks on Google in the last few years. Google said that the spear-phishing attack, tried to trick the Gmail users by sending them emails which seemed like they were from friends of colleagues. The content of each email was especially designed to relate to each receiver of the emails, a statement made by Google’s security team said. The emails contained an option “View Download” which contained the faulty link, taking the users to a fake Google login page with the email recipient’s username already in the appropriate field, asking them to type in a password.
According to Google, all these attempts were carried out to undermine the recipients’ email account and information.
Once the users typed in the passwords, hackers used them to sign into their accounts and modify all settings to change address for emails to another account, or grant access to other Google accounts.
Many media authorities, on the blog posts, mentioned that the attack was a “Gmail hack” implying and hence fueling the rumors that platform servers of Google had been compromised.