Search giant Google is urging Gmail users to ramp up their safety measures following confirmed “details of a very complex attack” that tricks account holders into compromising their security.
Forbes reported that Cupertino’s Threat Intelligence Group and Citizen Lab have issued a warning after discovering that Russian state-affiliated hackers were able to penetrate their system and used “seemingly legitimate U.S. Department email addresses to help target high-value individuals with emails and calendar invites.”
Once they have a target in sight, the attackers attach a malicious PDF that prompts for a password to open. The target is directed to https://myaccount.google.com/ to create an Application Specific Password (ASP), a unique 16-digit passcode that allows less-secure apps or devices that do not support additional features like 2-step verification to access their Gmail account.
The target is then advised to share the Gmail ASP in order to open the document, which gives the hackers access to the victim’s email. Forbes added that the breach has prompted Google to warn high-value users to use the Advanced Protection Program, and to tell the general public not to use these ASPs, since they are not recommended and are unnecessary in most cases.
For what it’s worth, the attack on Google came with an urgent warning for users to go beyond using basic passwords and instead consider Passkeys – passwordless sign-in methods that utilize a device’s security features, such as fingerprint, screen lock codes, or face recognition – as their log-in protocol. This upgrade will deter hackers from exploiting their emails since it links the account to hardware security, meaning that there are no passwords or two-factor authentication to bypass.
The effort to add more padlocks on sensitive online information came amid the so-called “Mother of all data breaches,” where more than 16 billion individual records, including Google, Facebook, Telegram, and government account passwords, were discovered.
Google has been rolling out account-specific warning emails to users as part of its effort to build a protective wall against the growing issues of spam, phishing, and fake emails. Ignoring these notices could result in the user being locked out of their Google account, Daily Mail UK reported.
For starters, users are advised to enable 2-step verification for added security. They are also urged to use apps or services that use modern login standards, update their saved login methods, and check their recovery information, including backup email and phone number.


