Since 2012, Google has warned users being targeted by what the company suspects are government-based attackers. Coinciding with today’s climate, Google is now adding a feature to alert G Suite administrators when there has been such an attempt on an account they manage.
An alert is sent when Google believes a government-based attacker has “likely attempted to access a user’s account or computer through phishing, malware, or another method.” The company veers on the side of caution with these email-based warnings, noting the possibility that it’s a false alarm.
However, we believe we detected activities that government-backed attackers use to try to steal a password or other personal information. Such activity includes the user receiving an email containing a harmful attachment, links to malicious software downloads, or links to fake websites that are designed to access passwords.
The company notes that receiving an alert doesn’t “necessarily mean that the account has been compromised or that there was a widespread attack on an organization.”
By default, the alerts are off and can be enabled by heading to the Admin Console > Reports > Manage Alerts. Next to “Government based attack,” there are settings to determine which managers in a G Suite domain get alerted, with super administrators set as the default.
Google offers a list of suggestions for how admins should respond to secure accounts after an alert, including changing the password, signing up for Advanced Protection, and setting up 2-step verification. Announcing the Titan Security Key last week, G Suite accounts that have set-up this form of two-factor authentication have had “zero” reported or detected hijackings.