Google Warns About Chinese Phishing Attack Affecting Gmail Accounts

Google today acknowledged a attack on its Gmail service to collect user passwords, likely through phishing."This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), […]

Google today acknowledged a attack on its Gmail service to collect user passwords, likely through phishing.

"This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists," revealed Google.

"The goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change peoples' forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)"

Google stated that it has detected and "disrupted" this attack, saying, "We've notified victims and secured their accounts. In addition, we've notified relevant government authorities." Google stated that the apparent object of this attack was to read the emails of the people who were affected by the attack "with the perpetrators apparently using stolen passwords to change peoples" forwarding and delegation settings."

Google stressed that this attack didn't actually affect any of its internal network systems, saying. " ... we believe that being open about these security issues helps users better protect their information online."

Google goes on to suggest how users can improve their online security:

[Source: Google blog]